Summary 🌟
In this release, we've improved the contract creation UI, strengthened security by masking sensitive data, and redesigned various UI elements, including error pages and icons. As for bug fixes, XSS vulnerabilities, OAuth errors and unauthorized access from Jira Service Desk customer session tokens have been resolved.
Improvements
Improved UI for adding new signers when creating a contract IMPROVED
Previously, on the contract creation view, users had to define the number of signers, click “Create,” and then move to a dialog to fill in signer details. Now users are taken directly to the contract details screen, where they can add signers.
Improved security by masking sensitive data IMPROVED
We have improved the security of our system by masking sensitive data. This includes IP addresses, names, phone numbers, and secrets. They are now masked in the .toString() method.
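The masking approach described above, as an added example that is not the product's own code: the Signer and Secret types, their fields, and the masking rules are assumptions made for illustration, and the sample values are constructed.

```java
// Added illustration (not the product's code): hypothetical types showing
// sensitive fields masked in toString(), so that logs, exception messages
// and string concatenation never carry the raw values.
public final class MaskedToStringDemo {

    /** Wraps a secret so any implicit string conversion yields a fixed mask. */
    record Secret(String value) {
        @Override public String toString() { return "****"; }
    }

    /** Hypothetical signer record holding the data kinds the note lists. */
    record Signer(String name, String phone, String ipAddress, Secret apiToken) {
        @Override public String toString() {
            return "Signer[name=" + maskName(name)
                    + ", phone=" + keepLast(phone, 2)
                    + ", ip=" + maskIp(ipAddress)
                    + ", apiToken=" + apiToken + "]"; // uses Secret.toString()
        }
    }

    /** Keeps only the first character of a name. */
    static String maskName(String s) {
        if (s == null || s.isEmpty()) return "****";
        return s.charAt(0) + "***";
    }

    /** Keeps the last n characters; values too short to mask safely are hidden whole. */
    static String keepLast(String s, int n) {
        if (s == null || s.length() <= n) return "****";
        return "*".repeat(s.length() - n) + s.substring(s.length() - n);
    }

    /** Keeps the first IPv4 octet; anything else (null, IPv6) is hidden whole. */
    static String maskIp(String ip) {
        if (ip == null) return "****";
        int dot = ip.indexOf('.');
        return dot > 0 ? ip.substring(0, dot) + ".*.*.*" : "****";
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Signer s = new Signer("Alice Example", "+15550100", "203.0.113.7",
                new Secret("constructed-token"));
        System.out.println("Created " + s);   // implicit toString(): masked
        System.out.println(s.name());         // accessor still returns the real value
    }
}
```

Masking in toString() covers string conversion only; serializers that read fields or accessors directly still see the real values and need their own handling.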
Redesigned icon for 'no result' in dashboard IMPROVED
We have replaced the old icon with a magnifier icon.
Improved security verification IMPROVED
We have introduced an additional security check in the AtlassianAuthHandler by verifying a special boolean condition URL parameter. This enhancement ensures that direct calls from Atlassian Jira to our app maintain security integrity without impacting functionality.
Redesigned error pages for detailed information IMPROVED
Error pages have been redesigned to show the issue with its respective message, such as license expired, Atlassian reload required, or version mismatch. The redesign applies to both light and dark mode.
Bug Fixes
Fixed XSS vulnerability in the “person” name field FIXED
We have resolved a stored XSS vulnerability in the "Person" name field on contract pages.
Fixed OAuth Error FIXED
We resolved an issue where users encountered a 400 Bad Request error. The fix ensures that unauthorized requests are prevented.
Fixed unauthorized access from Jira Service Desk customer session token FIXED
We have fixed an issue where Jira Service Desk customers with "customer" privileges could access contracts linked to their requests without authorization. Now, only authorized users can access and manage contracts, preserving the confidentiality of sensitive contractual information and preventing unauthorized actions.