Issue 1 (ref# JFSSUP-230)
A cross-site scripting (XSS) vulnerability has been identified and fixed in Field Security Plugin for JIRA.
This vulnerability is rated as Critical according to Atlassian's Severity Levels for Security Issues.
This issue affects all JFS versions for JIRA 6.0-7.3 starting from JFS 1.4.32_60 and up and is fixed in JFS 1.4.37 for JIRA 6.0-7.3.
How to fix
JIRA 6.0 and later
Upgrade to JFS 1.4.37. There is no need to re-apply the JFS patch.
- Ensure support & maintenance is active for your license.
- Navigate to Downloads page
- Download JFS 1.4.37 plugin JAR file according to your JIRA version
- Upgrade the plugin using JIRA Universal Plugin Manager ("Manage Add-ons")
- Restart your JIRA instance immediately (Note: this is mandatory!)
- There is no need to re-apply the JFS patch
Please contact firstname.lastname@example.org in case of any questions.