...

  • RV_ABSOLUTE_VALUE_OF_RANDOM_INT: RV: Bad attempt to compute absolute value of signed random integer in API Connector ID generator

  • DM_DEFAULT_ENCODING: String to byte or byte to string conversions using default platform encoding instead of consistent standard charset encoding

  • SECLDAPI - LDAP_INJECTION: Potential LDAP injection in user lookup due to missing sanitization of special LDAP characters

  • CRLF_INJECTION_LOGS: Potential CRLF Injection for logs: unsanitized user input put directly into logger

  • XSS_SERVLET: Potential XSS in Servlets that write to the response through a PrintWriter

  • INSECURE_COOKIE: Cookie without HttpOnly or secure flag

  • UNSAFE_HASH_EQUALS: Unsafe hash equals in API Token validation. An attacker might be able to infer the value of the secret hash from comparison timing: Arrays.equals() and String.equals() return as soon as the first mismatching byte is found, so the time taken depends on how many leading bytes match

  • Update io.jsonwebtoken jjwt libraries used for JWT validation in OpenID Connect to latest version 0.11.2

  • Increased CSRF protection: Origin header required in POST requests on Kantega SSO Enterprise pages
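
The timing issue behind the UNSAFE_HASH_EQUALS item above, shown as an added example (constructed for this page, not Kantega's code): the early-exit comparison beside a constant-time one, using MessageDigest.isEqual for the fix and an explicit charset in the style the DM_DEFAULT_ENCODING item asks for. The class, method names and the sample token are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

/** Constructed illustration of UNSAFE_HASH_EQUALS; hypothetical class, not the plugin's code. */
public final class TokenCompare {

    // Vulnerable: Arrays.equals returns at the first mismatching byte, so the
    // time taken reveals how many leading bytes of the candidate hash were right.
    static boolean unsafeEquals(byte[] expectedHash, byte[] candidateHash) {
        return Arrays.equals(expectedHash, candidateHash);
    }

    // Hardened: MessageDigest.isEqual compares every byte before answering
    // (constant-time since Java 6u17), so timing no longer depends on the matched prefix.
    // It still returns early on a length mismatch, which is fine for fixed-length hashes.
    static boolean safeEquals(byte[] expectedHash, byte[] candidateHash) {
        return MessageDigest.isEqual(expectedHash, candidateHash);
    }

    // Hypothetical token check: hash the presented token with an explicit charset
    // (no platform-default encoding) and compare it against the stored hash.
    static boolean isValidToken(String presentedToken, byte[] storedTokenHash) throws Exception {
        byte[] presentedHash = MessageDigest.getInstance("SHA-256")
                .digest(presentedToken.getBytes(StandardCharsets.UTF_8));
        return safeEquals(storedTokenHash, presentedHash);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the stored hash of a made-up token.
        byte[] stored = MessageDigest.getInstance("SHA-256")
                .digest("example-token".getBytes(StandardCharsets.UTF_8));
        System.out.println(isValidToken("example-token", stored)); // true
        System.out.println(isValidToken("wrong-token", stored));   // false
    }
}
```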

Changes in 5.0.1

...

Bug Fixes

  • SCIM: Link to 'SCIM network requirements' is incorrect in step 'Network preparation' in SCIM setup.

  • API Connector: Link to 'Setup provider' in API Connector is incorrect.

  • SAML/OIDC: Links to Identity Provider will not render in the JSM portal.

  • SAML/OIDC: Links to Identity Provider on the Jira baseUrl (which is redirected to /secure/MyJiraHome.jspa) will not render.

  • Update Config: Regular expressions in IP restrictions on Kerberos, Username from header and API Tokens are not translated to the new format upon update of config.

Changes in 5.0.2

Bug Fixes

  • Fixed a bug that prevented certain internal plugin resources from being served from datacenter CDN. They will not show up in /rest/webResources/1.0/deprecatedDescriptors anymore.

  • Kerberos: Allow # sign in LDAP username lookups.

Improvements

  • SCIM: SCIM user directories are no longer shown as selectable for JIT.

  • Temporarily disable the Origin header requirement for CSRF when saving Kantega SSO changes, to align with Atlassian standards. It will be reintroduced as an optional security improvement later.