Details
-
Bug
-
Resolution: Timed out
-
Low
-
None
-
7.1.7
-
JIRA Standalone on EC2 in Amazon Web Services.
-
7.01
-
Severity 3 - Minor
-
Description
RFC-2396 dictates that the pipe character should be escaped:
" Other characters are excluded because gateways and other transport
agents are known to sometimes modify such characters, or they are
used as delimiters.
unwise = "
{" | "}" | "|" | "\" | "^" | "[" | "]" | "`"
Data corresponding to excluded characters must be escaped in order to
be properly represented within a URI."
Currently, the atl_token cookie in JIRA has a pipe character separating the server from the license ID and the pipe is not escaped. JIRA uses this token to generate some internal applications links, and this is causing issue with our proxy client (Zuul) which does not allow non-compliant characters through.
Some affected functions in JIRA include 'Lougout' and 'Assign to me'; basically any link with the atl_token as a query string causes issues.
The pipe character should be substituted with %7C in the URI.