Summary 🌟
This release introduces improved filtering and several bug fixes.
Highlights include enhanced card layouts, SAML user verification, JQL filtering, and updates to the comment editor. Key CSS fixes address dark mode issues and improve display consistency, while security vulnerabilities and functionality bugs have been resolved to enhance system stability.
...
Improvements
Improved JQL filtering by labels
...
Unauthorized Share Deletion Vulnerability Fixed
We addressed a critical security issue where users with customer privileges in a Jira Service Desk portal could delete external shares, even without direct Jira access. A customer could obtain a valid JWT and use it to delete shares created by Jira administrators, compromising the integrity of shared information. The root cause was that a valid JWT was treated as sufficient authorization: a JWT only proves which instance the request came from, not that the caller is allowed to act on the share. This issue has now been fixed, and external shares are protected from unauthorized deletion. All share operations (list, get, update, delete, and email notifications) have been tested and verified to function correctly across different pages and roles when called with a valid JWT.
Unauthorized Modification of Board Card Settings Vulnerability Fixed
We fixed a security vulnerability where a customer user, self-registered on a Jira Service Desk portal, could modify board card settings in Jira without permission. Such a user could obtain a valid JWT and use it to manipulate the configuration of board cards, compromising the integrity of external shares. This vulnerability has been resolved: only authorized users can now modify board card layouts, and self-registered customer accounts are blocked from changing these settings.
Cross-Instance IDOR Vulnerability Fixed
...
We fixed a critical broken access control vulnerability in the Jira external share application that allowed an attacker from one Jira instance to modify external share settings in a different Jira instance. The attacker only needed the GID (globally unique identifier) of a share to alter its settings, such as the board configuration, which issues are displayed, and permissions, compromising the confidentiality and integrity of shared data.
With this fix, external share settings are protected from cross-instance modification: a share can only be altered from the instance it belongs to, and only by users with the proper permissions in that instance.
Cross-Instance IDOR Vulnerability Fixed: Unauthorized Access to Jira API Key Usage History
We fixed a severe cross-instance IDOR (Insecure Direct Object Reference) vulnerability in the Jira external share application that allowed attackers to read the API key usage history of any other Jira instance. An attacker authenticated in their own Jira instance could use their JWT to retrieve sensitive information from a victim's instance, such as request details, IP addresses, user agents, and API key activity.
With the fix, the confidentiality of API key usage data is protected: only authorized users within the same instance can access it, and a JWT issued for one instance no longer grants access to another instance's API key usage data.
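The four fixes above share one pattern: a valid JWT was accepted as authorization on its own, so a token holder could reach objects by GID across instances or perform operations their role does not allow. The following is an added illustration of the two checks that close this class of bug, written for this release note; it is not the application's own code. The HS256 verification, the per-installation secrets, the share records, the principal/role table and the action-to-role mapping are all constructed, hypothetical sample data.

```python
"""Added example (not the vendor's code): scope every external-share operation to
(1) the Jira instance that issued the caller's JWT and (2) the caller's role there."""
import base64
import hashlib
import hmac
import json
import time

# --- Constructed sample data (hypothetical; no real tenants, keys or shares) ---
# Per-installation shared secret, keyed by the instance's client key (the JWT "iss").
INSTALL_SECRETS = {
    "instance-A": b"secret-for-instance-A",
    "instance-B": b"secret-for-instance-B",
}
# Principal roles per instance, keyed by (instance, account id). "customer" models a
# self-registered Jira Service Desk portal account; "admin" a Jira administrator.
PRINCIPALS = {
    ("instance-A", "admin-1"): "admin",
    ("instance-A", "cust-1"): "customer",
    ("instance-B", "admin-2"): "admin",
}
# Shares keyed by GID; each one records the instance that owns it.
SHARES = {
    "gid-1111": {"instance": "instance-A", "board_cards": ["summary"]},
    "gid-2222": {"instance": "instance-B", "board_cards": ["summary", "assignee"]},
}
# Roles allowed to perform each share operation (assumed policy): customers may only read.
ALLOWED_ROLES = {
    "list": {"admin", "customer"},
    "get": {"admin", "customer"},
    "update": {"admin"},
    "delete": {"admin"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(instance: str, sub: str, ttl: int = 300, now=None) -> str:
    """Mint an HS256 JWT the way an installed instance would (test helper only)."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": instance, "sub": sub, "iat": now, "exp": now + ttl}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(INSTALL_SECRETS[instance], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, now=None) -> dict:
    """Verify the signature with the secret of the issuing instance and return the claims.
    "iss" is read from the unverified payload only to select the key; the signature check
    then proves the token really was issued by that instance."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    secret = INSTALL_SECRETS.get(payload.get("iss"))
    if secret is None:
        raise PermissionError("unknown issuer")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise PermissionError("bad signature")
    now = int(time.time()) if now is None else now
    if payload.get("exp", 0) <= now:
        raise PermissionError("expired")
    return payload


def authorize_share_action(token: str, share_gid: str, action: str, now=None) -> bool:
    """True only if the caller may perform `action` on the share identified by GID.
    Check 1 (tenant scoping): the share must belong to the instance that issued the JWT;
    a GID owned by another instance is treated exactly like an unknown GID.
    Check 2 (role): a valid JWT alone is never enough; the principal's role in that
    instance must permit the operation, so a portal customer cannot delete or update."""
    claims = verify_jwt(token, now=now)
    instance, sub = claims["iss"], claims["sub"]
    share = SHARES.get(share_gid)
    if share is None or share["instance"] != instance:
        return False
    role = PRINCIPALS.get((instance, sub))
    return role is not None and role in ALLOWED_ROLES.get(action, set())


def authorize_usage_history(token: str, target_instance: str, now=None) -> bool:
    """API key usage history is an instance-level resource: only an admin of that same
    instance may read it, regardless of how valid the caller's JWT is."""
    claims = verify_jwt(token, now=now)
    if claims["iss"] != target_instance:
        return False
    return PRINCIPALS.get((target_instance, claims["sub"])) == "admin"
```

The important design choice is that the share lookup is keyed by the caller's instance as well as by GID, so a foreign GID fails closed as "not found" rather than leaking that the object exists; the role check then runs independently of token validity, which is what stops a portal customer's legitimately obtained JWT from authorizing a delete.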
Fixed XSS Vulnerability in External Share Link Creation
...