Fixed in 1.4.22 for JIRA 5.0 – 6.2

Critical fixes in this release

  • System Security: fixed Cross-Site-Scripting (XSS) vulnerability found in JFS (JFSSUP-138)
  • Field Security: added support for JIRA Mobile plugin (JIRA 6.0 and later)
  • Field Security: fixed Hidden fields visible for users when using "jump to field" function in JIRA (JFSSUP-130, JIRA 6.0 and later)

Other fixes and improvements

  • Fixed: User Custom Field rule not working with exception: "com.atlassian.jira.user.DelegatingApplicationUser cannot be cast to com.atlassian.crowd.embedded.api.User" (JIRA 6.0 and later)
  • Compatibility with JIRA Charting plugin (JIRA 6.0 and later)
  • Performance improvements (JIRA 6.0 and later)


  • No labels