07-22-2021 Upgrade: Vulnerability Fix

Summary

Date

July 22nd, 2021

Scope of change

CLOUD, DATACENTER & SERVER

Burnup, Trends and Universal Progress Gadgets Only.

Summary of change

Vulnerability fix for the custom JQL used in gadgets.

Details of change

We received a vulnerability report for our Release Management Cloud App within the scope of the Cloud Security Participant program. We fixed it there, but also decided to go the extra mile and change it for our Gadgets App as well.

Essence of change

Because the plain JQL that we use as an additional filter for a few of our gadgets could contain hard-coded private information … we decided to replace it with predefined JQL filters.

So, if you want to do additional filtering for the data source of the gadget, please create a filter first and then select it in the gadget configuration.

The following gadgets are affected:

Example of configuration screen

Bear in mind that the additional JQL filter should be available to your target audience. Otherwise, if users don’t have access to it, the gadget fails to render and an appropriate error message will be shown.

How existing gadgets will work after the change

Burnup and Trends Gadgets

After the version upgrade and before you change the custom JQL to a predefined JQL filter, existing gadgets will work as expected with only one limitation:

the custom JQL specified will not be applied to the gadget’s data source.

Universal Progress Gadgets

After the upgrade, instances of Universal Progress Gadgets will fail to render and the following error message will appear:

Users need to click “Edit” to reconfigure the gadget and select a predefined JQL filter as opposed to plain JQL.