Fields visible in some search scenarios!

  • joawal
Posted: Mon, 01/27/2014 - 20:21

We're running JIRA 6.0.8 with JSF 1.4.17_60
Mostly it works as expected but hidden fields are displayed when running this search:
issuekey in issueHistory() ORDER BY lastViewed DESC

but not when running this:
ORDER BY createdDate DESC

in the first case the hidden columns are displayed with all hidden data
In the other case I cannot see the columns at all

Tried both IE9 and Chrome (32.0.1700.76 m) with the same result.

I expected the columns always to be hidden not only from the search result page but also from the Configure Columns page. Now users can see that there are hidden fields by using the drop down there.

We have the patch for 6.0.8 applied.

This is really urgent for us and now a show stopper for going live. I hope you can help us solve this.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

It is possible to find out hidden values by column headers

  • joawal
  • 10/04/13
  • Wed, 04/09/2014 - 19:36

When searching for issues it is possible to display field names as column headers.
You can then use these in the advanced search and start trying with values.
If you find a value that is used on some issue(s) those issues will be displayed as the search result.

Example: hidden droplist custom field named Rating with values Not rated, Bad, Good.
A user that is restricted to see that field can still choose it as a column in the search result.
And perform an advanced search for Rating=Good
And get a list with all issues where Rating is Good.

We are now using JIRA 6.1.7

I think this is a Major security issue.

Hi, This issue with fields

  • admin
  • 02/16/10
  • Tue, 03/11/2014 - 08:01


This issue with fields visible on some search queries has not been confirmed.

As for the columns, JFS hides not the fields but their values. The user can display the columns in Issue Navigator, but he will not see the values of hidden fields.


Dear product developers, is

  • bion
  • 02/19/14
  • Wed, 02/19/2014 - 13:44

Dear product developers,

is there any product roadmap available where we could find when a new version release is planned? We are considering using and buying your product, however this specific issue might be a show stopper for our company as well.

Could you please elaborate on this?