Security issue for Jira - do we need a new version of the plugin ?

  • altimesh
Posted: Thu, 02/27/2014 - 12:07

Atlassian issued a security alert for Jira : https://confluence.atlassian.com/display/JIRA/JIRA+security+advisory+201...
Looking at the content of the patch, the bundled plugins are to be replaced.
I suppose we need a new version of the plugin to fix this security vulnerability as well.

Do you plan to release one ? Which versions will be covered ? (I am using 6.0.2 now, but could easily upgrade to 6.0.8 if needed - upgrading to a newer version may not be as easy)

‹ Field not visible when creating new issue Fields Still Visible in Activity Stream and History Tab; No Support for Service Desk ›

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

The updated patch for JIRA

  • admin
  • 02/16/10
  • Mon, 03/03/2014 - 21:30
  • Copy comment link

The updated patch for JIRA 6.0.8 is available at Downloads page. Be sure to apply JRA-35797 patch first and the JFS patch.

Alex

Thanks, I can upgrade to

  • altimesh
  • 09/18/13
  • Fri, 02/28/2014 - 16:06
  • Copy comment link

Thanks,

I can upgrade to 6.0.8 version as I said.
Do you have an idea of the timeframe for the 6.0.8 patch ?

We will definitely release

  • admin
  • 02/16/10
  • Fri, 02/28/2014 - 15:40
  • Copy comment link

We will definitely release new JFS patches incorporating fixes provided by Atlassian. However it is still not clear what to do with JIRA versions for which security patches have not been provided. Some people in comments say that the patch for JIRA 6.0.8 breaks JIRA 6.0.1.

Alex