2020-11-30

  • A critical vulnerability has been fixed in the packed SQL+JQL Driver. 
Warning

Please upgrade to version 3.6.5 or above to resolve this issue.

2020-09-04

  • We contracted the services of some ethical hackers in Russia to find vulnerabilities in the app. Their research found that some URLs are susceptible to XSRF attacks: if a Jira administrator with an active Jira session visits a malicious site in the same browser, that site could potentially manage all the BIRT reports (edit, delete, change access permissions and available locations) as well as upload new ones. This last action is considered a high-risk vulnerability.

...

Upgrade to the 2.3.0 version as soon as possible.

Upgrading is a breeze: it requires only one click and is safe.

The newer version restricts uploading Eclipse BIRT reports to Jira administrators only. Jira administrators can delegate this feature to other Jira users and groups that they trust. Please see the new form for configuring upload permissions, available from version 2.3.0:

...