3.6.5 (Security fix)

The packed SQL+JQL Driver has been upgraded (+9.7.0) to fix a critical vulnerability. Please upgrade the SQL+JQL Driver on Jira ASAP (it might require to upgrade the JDBC driver to access remotely)

3.6.4 (Security fixes)

As a result of deep research to find security vulnerabilities in the app some URLs have been fixed to avoid potential XSRF attacks to Jira administrators. Read more...
In addition, the packed SQL+JQL Driver has been updated to the 9.6.0 version which also fixes critical vulnerabilities in the Driver.

FIX: It was possible to perform an XSS attack from one URL. Credits for for Ivan Rumak and Alexey Rumak that reported it via https://detectify.com/ that reported it. Thank you!

Eclipse BIRT remains 100% free at no cost. But the Driver has a dual license (free and commercial) until Jira 9 when only the commercial version will be supported. This version of Eclipse BIRT upgrades the Driver to the 8.0.2 version (← COMMERCIAL!. If you want to run the free version of the Driver, please downgrade it to the latest 7.x version). Of course, if your BIRT reports do not use the SQL+JQL Driver as a data source you are not impacted by this.

...