Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

3.6.5 (Security fix)

  • The packed SQL+JQL Driver has been upgraded (+9.7.0) to fix a critical vulnerability. Please upgrade the SQL+JQL Driver on Jira ASAP (it might require to upgrade the JDBC driver to access remotely)

3.6.4 (Security fixes)

  • As a result of deep research to find security vulnerabilities in the app some URLs have been fixed to avoid potential XSRF attacks to Jira administrators. Read more...
  • In addition, the packed SQL+JQL Driver has been updated to the 9.6.0 version which also fixes critical vulnerabilities in the Driver.

3.6.3 (Security fix)

  • FIX: It was possible to perform an XSS attack from one URL. Credits for Ivan Rumak and Alexey Rumak that reported it via https://detectify.com/. Thank you! (smile)

3.5.4

  • Eclipse BIRT remains 100% free at no cost. But the Driver has a dual license (free and commercial) until Jira 9 when only the commercial version will be supported. This version of Eclipse BIRT upgrades the Driver to the 8.0.2 version (← COMMERCIAL!. If you want to run the free version of the Driver, please downgrade it to the latest 7.x version). Of course, if your BIRT reports do not use the SQL+JQL Driver as a data source you are not impacted by this.

3.5.3

  • SQL+JQL Driver upgraded to 7.17.0 version. Please read more details from here.

3.5.0

  • IMPROV: Support for a new WEB location that allows sharing the BIRT report URL and embedding it into an iframe.
  • IMPROV: New action to run reports from the administrator's report listing.

...

  • Security fix: only Jira administrators and explicitly granted users and groups can upload BIRT reports. This is a critical security threat and you must upgrade to this version ASAP. Please read more about this Security Thread Alert!Bulletin

...