-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
In our instance of Jira we are using the security level field as the basis of our security scheme and we are able to control who sees security issues at various levels.
However, when a reporter creates a security issue, the summary and description of the issue are passed back to the reporter and potential watchers in a clear text email. Subsequent changes to the issue are also reported in emails. A diligent attacker could monitor such emails.
It would be good if there was a simple way to control the content of emails sent when the security level is set.
Our current workaround is to use an alternate notification system that allows greater control, but a simpler built-in solution would benefit all users.
- relates to
-
JRACLOUD-37581 Jira sends clear text emails with details even when an issue has a non-public issue security scheme
- Closed
-
JRASERVER-4742 Being able to create notification groups based on "Issue Type"
- Gathering Interest