Details
-
Bug
-
Resolution: Fixed
-
High
-
3.12, 3.12.1, 3.12.2, 3.12.3, 3.13, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 4.0, 4.0.1, 4.0.2, 4.1
-
3.12
-
Description
JIRA contains a number of support related JSPs that have been added over the years. They were mostly for fighting spam and other support related tasks. Unfortunately none of these were ever tested very much and contain a lot of XSS holes. They are:
- groupnames.jsp
- indexbrowser.jsp
- classpath-debug.jsp
- viewdocument.jsp
- cleancommentspam.jsp
- plugin-bundles.jsp
They should all be removed from JIRA unless we make a concentrated effort on integrating the functionality that they provide into the product!
Attachments
Issue Links
- details
-
JRASERVER-21086 Quality Review for 4.1.2
- Closed
-
JRASERVER-21087 Quality Review for 4.2
- Closed