Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
stylenone

This release note is in progress

Summary 🌟

In this release note, we 've introduced new automation tools, an option to abstain, and enhancements like date and time synchronization, along with styling fix and updatesintroduce improved filtering, and several bug fixes. Notable updates include security vulnerability fixes, and improved CSS styling.

...

Improvements (blue star)

...

Improved Visual & Layout
Status
colourBlue
titleIMPROVED

Adjusted the Priority field size to fit within the details section boundaries. Also resolved display issues with long text for reporter, assignee, and labels. Updated the class name from ‘user-name’ to ‘user-text’ due to CSS dependencies, which has affected automation tests.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-878

Fixed Dark Mode CSS Styling Issues
Status
colourGreen
titleFIXED

We fixed CSS styling issues in dark mode where "Issue Type - Description" and "Timeline - Filters" had unreadable whitish backgrounds with gray text. The colors are now adjusted for better visibility and readability.

Improved Card Layout
Status
colourBlue
titleIMPROVED

Adjusted the card layout for even distribution across the page, similar to Jira's layout. This update ensures that cards are organized neatly and the layout is responsive to various screen sizes.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-859

Redesigned icon for 'no result' in dashboard
Status
colourBlue
titleIMPROVED

We have replaced old ES icon with magnifier icon.

...

  • Tasks marked as "Done" now show with a strikethrough, now it’s easy to distinguish if tasks are completed.

...

  • We have also improved the scroll behavior on the timeline table. Both horizontal and vertical scrolls are now visible.

  • Card layouts are now evenly distributed across the page for a cleaner look. Also, a new icon has been introduced for "no result" in the dashboard.

...

Improved user verification
Status
colourBlue
titleIMPROVED

We have improved the SAML workspace setup process by introducing a mandatory user verification step. This ensures that only for creating or joining new SAML workspaces. Only authorized users can create or join a new SAML workspace.

Improved

...

filtering for the filter/JQL share view
Status
colourBlue
titleIMPROVED

Added text input support for label filtering in JQL. Previously, labels couldn't have spaces or special characters, causing errors. This restriction has been removed, allowing more flexible label usage.

...

You can now filter by additional fields, including user, project, and status, allowing for more precise searches.

Improved user experience
Status
colourBlue
titleIMPROVED

Added strikethrough text to the status of issues marked as "Done" on both boards and custom boards. This enhancement visually distinguishes completed tasks from ongoing ones, improving clarity.

Improved Link Management: Drag and Drop for Order
Status
colourBlue
titleIMPROVED

...

  • In Global Settings - Page Customization, links can now be rearranged via drag-and-drop

...

Added Confirmation Popup for "Restore Default Values"
Status
colourBlue
titleIMPROVED

...

  • . Also, We added a confirmation popup for the "Restore all default values?" button

...

Updated the column name in the shared_issue table from if_share_link_enabled to share_link_enabled to remove confusion caused by the "if_" prefix, which incorrectly suggested it was an issue field.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-1023

Decategorized Configuration View
Status
colourBlue
titleIMPROVED

Removed category-based filtering in configuration views, making all configurations visible regardless of the selected share type. This ensures that JSM-specific options are accessible when share types include support tickets, improving usability across all views.

Updated Scroll Behavior for Timeline Table
Status
colourBlue
titleIMPROVED

Changed the scroll behavior on the timeline table to always display the horizontal scroll. Both horizontal and vertical scrolls are now visible, similar to Jira’s table layout.

Redesigned error pages for detailed information
Status
colourBlue
titleIMPROVED

Error pages are redesigned to view issue with respective message like license expired, Atlassian reload required, version mismatch. Applied for a view for both light and dark mode.

Bug Fixes (blue star)

...

  • to prevent accidental resets.

...

  • We have redesigned error pages with more detailed information.

  • We replaced the markdown editor with a custom editor, allowing for more customized comment formatting.

Bug Fixes (blue star)

Security Fixes
Status
colourGreen
titleFIXED

Resolved a null pointer occurring in the filter view when time tracking fields are null. Now, the system safely handles null fields, preventing crashes in the filter view.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-1137

...

Fixed issues where unauthorized users could delete shares or change board settings, and corrected a security issue so attackers won’t be able to access or change settings.

Fixed XSS vulnerability
Status
colourGreen
titleFIXED

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-1130

...

Resolved an XSS vulnerability triggered when creating an external share link with a project name containing an XSS payload.

Fixed SMTP issue
Status
colourGreen
titleFIXED

We resolved an issue where the comment author prefix was not appearing in Jira when comments were added via External Share. After the fix, comments now correctly display the author's name.

Comment window in es link overlaps with other fields when a window is small
Status
colourGreen
titleFIXED

Make a small window in you browser

Observe the behavior

...

Fixed an issue where custom email settings blocked notifications from being sent to users.

Fixed filter error
Status
colourGreen
titleFIXED

Previously, when users entered a project name in the search input, an error page was displayed. After the fix, the system now correctly displays issues or results from the searched project as expected. Additionally, filtering using multiple projects via JQL is now fully supported without errors.

Unauthorized Share Deletion Vulnerability Fixed
Status
colourGreen
titleFIXED

We addressed a critical security issue where users with customer privileges in a Jira Service Desk portal could delete external shares, even without direct Jira access. The vulnerability allowed customers to obtain a valid JWT and delete shares created by Jira administrators, compromising the integrity of shared information. This issue has now been fixed, and external shares are secured from unauthorized deletion. All operations related to shares—list, get, update, delete, and email notifications—have been thoroughly tested and verified to function correctly across different pages and roles.

Unauthorized Modification of Board Card Settings Vulnerability Fixed
Status
colourGreen
titleFIXED

We addressed a security vulnerability where a "customer" user, self-registered on a Jira helpdesk portal, could modify the board card settings in Jira without direct access to the system. The issue allowed attackers to obtain a valid JWT and manipulate the configuration of board cards, compromising the integrity of external shares. This vulnerability has been resolved, ensuring that only authorized users can modify board card layouts, and external attackers are now blocked from altering these settings.

Cross-Instance IDOR Vulnerability Fixed in Jira Share Settings
Status
colourGreen
titleFIXED

We resolved a critical broken access control vulnerability in the Jira external share application that allowed an attacker from one Jira instance to modify external share settings in a different Jira instance. This vulnerability occurred when attackers used the GID (globally unique identifier) of a share to alter settings, such as changing the board configuration, issue displays, and permissions, compromising the confidentiality and integrity of shared data.

With this fix, external share settings are now protected from unauthorized cross-instance modifications, ensuring that only users with proper permissions can alter these settings.

Cross-Instance IDOR Vulnerability Fixed: Unauthorized Access to Jira API Key Usage History
Status
colourGreen
titleFIXED

We fixed a severe cross-instance IDOR (Insecure Direct Object Reference) vulnerability in the Jira external share application. This flaw allowed attackers to access the API key usage history of any other Jira instance. The issue occurred when an attacker, authenticated in their own Jira instance, could use a JWT to retrieve sensitive information, such as request details, IP addresses, user agents, and API key activity from a victim's Jira instance.

With the fix, the confidentiality of API key usage data is protected, and only authorized users within the same instance can access this sensitive information.

Fixed Issue with allowCreateNewIssue Field Not Set During Share Creation
Status
colourGreen
titleFIXED

We resolved an issue where the allowCreateNewIssue field was not being set during the creation of a new share in Jira. This caused the permission to create new issues via the external share to remain disabled by default. After the fix, the allowCreateNewIssue field is correctly set during share creation, ensuring that the intended permissions are applied consistently.

...

. Also, fixed an issue where null values in time tracking fields caused crashes in the filter view.

CSS Fixes
Status
colourGreen
titleFIXED

...

  • Fixed

...

Status
colourGreen
titleFIXED

...

  • an

...

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-1071

Extracted Email Carrier Module
Status
colourGreen
titleFIXED

...

  • issue where extra space appeared when using the "Group By" filter on

...

  • board

...

  • .

...

Fixed Extra Space in Board Share Group By Filter
Status
colourGreen
titleFIXED

Resolved an issue where extra space appeared when using the "Group By" filter on boards and custom board shares for fields like Epic and Assignee.

SMTP Fix for Watcher Notifications
Status
colourGreen
titleFIXED

Fixed an issue where custom SMTP settings blocked watcher notifications to external users. Notifications now work correctly with any SMTP setup.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-1015

...

...

  • Fixed wrong color text format tab appeared in dark mode.

  • Fixed display issues where icons for issue types were not showing up properly in shared links.

  • Fixed an issue where long text and code snippets overflowed in the comment section.

...

Fixed comment issue
Status
colourGreen
titleFIXED

Resolved Fixed an issue where extra space appeared when using the "Group By" filter on boards and custom board shares for fields like Epic and Assignee.

Fixed Issue Type Icons Not Displayed in Shared Links
Status
colourGreen
titleFIXED

Sometimes, issue type icons were not shown on the board, issue view, JQL, and roadmap when opening a shared link without logging into ESFJ. This issue has been resolved, and icons now display properly.

Fixed XSS Vulnerability in External Share Link Creation
Status
colourGreen
titleFIXED

Resolved an XSS vulnerability triggered when creating an external share link with a project name containing an XSS payload. This prevents malicious scripts from executing in shared links.

...

the author's name was missing from comments.

Fixed multiple submission issue
Status
colourGreen
titleFIXED

The 'Create ES External Share Board' button is now disabled and greyed out immediately after the first click to prevent multiple submissions caused by repeated clicks during a delayed response.

Fixed Text and Code Snippet Overflow in Comment Section
Status
colourGreen
titleFIXED

Resolved an issue where long text and code snippets overflowed in the comment section. Now, both text and code snippets are properly contained within the comment section without causing overflow, improving readability and layout.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-629

Fixed White Text Format Tab in Dark Mode on Create Issue Tab
Status
colourGreen
titleFIXED

Resolved an issue where the text format tab appeared white in the "Create Issue" tab on the Board/Timeline External share page in Dark mode. The text format tab now displays correctly, ensuring proper visibility in Dark mode.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-616

Replaced Comment Editor with Contract Signature WYSIWYG
Status
colourGreen
titleFIXED

Swapped the current markdown editor for our custom Contract Signature WYSIWYG editor for comments and description editing. This change introduces better customization options, a tailored toolbar, and improved ADF ↔︎ HTML conversion, enhancing the overall user experience.

Jira Legacy
serverSystem Jira
serverIdb66650ca-af1e-397f-81f5-9d94924a0a26
keyESFJ-325

Added JQL Filter by Field
Status
colourGreen
titleFIXED

Introduced filtering by fields visible in the table, including text fields for User (without autocomplete), Project, Label, Priority, Status, Issue Type, and date-time pickers for filtering by after/before. Additionally, fields like Fix Version and Components are included for more precise searches.

Jira LegacyserverSystem JiraserverIdb66650ca-af1e-397f-81f5-9d94924a0a26keyESFJ-166due to delayed response.