Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Date

July 22nd, 2021

Scope of change

CLOUD, DATACENTER & SERVER

Summary of change

Vulnerability fix for custom JQL used.

Details of change

We’ve got a Vulnerability reported for our Release Management Cloud App in scope of Cloud Security Participant program. We fixed it there but also decided to go extra mile and change it for our Gadgets App as well.

Essence of change

Due to the fact that plain JQL that we use as additional filter for few of our gadgets could contain some of privacy information hard coded … we decided to change it for predefined JQL filters.

So, if you want to do additional filtering for the data source of the gadget please create a filter first and then select it in gadget configuration.

The following gadgets are effected:

Example of configuration screen

Bare in mind that additional JQL filter should be available for your target audience. Otherwise if users don’t have access to it the gadget fails to render and appropriate error message will be shown.

How existing gadgets will work after the change

Post version upgrade and before you change custom JQL to predefined JQL filter existing gadgets will work as expected with only one limitation

custom JQL specified will not the applied to gadget’s data source.

  • No labels