07-22-2021 Upgrade: Vulnerability Fix
Date | July 22nd, 2021 |
|---|---|
Scope of change | CLOUD, DATACENTER & SERVER Burnup, Trends and Universal Progress Gadgets Only. |
Summary of change | Vulnerability fix for custom JQL used. |
Details of change | We’ve got a Vulnerability reported for our Release Management Cloud App in scope of Cloud Security Participant program. We fixed it there but also decided to go extra mile and change it for our Gadgets App as well. |
Essence of change
Due to the fact that plain JQL that we use as additional filter for few of our gadgets could contain some of privacy information hard coded … we decided to change it for predefined JQL filters.
So, if you want to do additional filtering for the data source of the gadget please create a filter first and then select it in gadget configuration.
The following gadgets are effected:
https://releasemanagement.atlassian.net/wiki/spaces/GFJR/pages/1521254645
https://releasemanagement.atlassian.net/wiki/spaces/GFJR/pages/1521254818
https://releasemanagement.atlassian.net/wiki/spaces/GFJR/pages/562593859
Example of configuration screen
Bare in mind that additional JQL filter should be available for your target audience. Otherwise if users don’t have access to it the gadget fails to render and appropriate error message will be shown.
How existing gadgets will work after the change
Burnup and Trends Gadgets
Post version upgrade and before you change custom JQL to predefined JQL filter existing gadgets will work as expected with only one limitation
custom JQL specified will not the applied to gadget’s data source.
Universal Progress Gadgets
After the upgrade instances of Universal Progress Gadgets will fail to render with the following error message to appear
Users need to click “Edit“ to reconfigure the gadget and select predefined JQL filter as opposed to plain JQL.