Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

3.6.5 (Security fix)

  • The packed SQL+JQL Driver has been upgraded (+9.7.0) to fix a critical vulnerability. Please upgrade the SQL+JQL Driver on Jira ASAP (it might require to upgrade the JDBC driver to access remotely)

3.6.4 (Security fixes)

  • As a result of deep research to find security vulnerabilities in the app some URLs have been fixed to avoid potential XSRF attacks to Jira administrators. Read more...
  • In addition, the packed SQL+JQL Driver has been updated to the 9.6.0 version which also fixes critical vulnerabilities in the Driver.

3.6.3 (Security fix)

  • FIX: It was possible to perform an XSS attack from one URL. Credits for Ivan Rumak and Alexey Rumak that reported it via https://detectify.com/. Thank you! (smile)

3.5.4

  • Eclipse BIRT remains 100% free at no cost. But the Driver has a dual license (free and commercial) until Jira 9 when only the commercial version will be supported. This version of Eclipse BIRT upgrades the Driver to the 8.0.2 version (← COMMERCIAL!. If you want to run the free version of the Driver, please downgrade it to the latest 7.x version). Of course, if your BIRT reports do not use the SQL+JQL Driver as a data source you are not impacted by this.

...