-
Bug
-
Resolution: Fixed
-
Low
-
7.2.2, 7.2.3, 7.4.2, 8.2.2, 8.13.15, 9.0.0, 8.13.22, 8.20.10
-
7.02
-
150
-
Severity 2 - Major
-
267
-
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
Summary
When using this configuration to allow non-JIRA users to create or comment on issues by email (by setting a default reporter):
- JIRA only accepts the user to add comment on existing issues by adding the Issue Key in the subject of the message -> Expected behavior
- However, When trying to raise a new ticket by email, the message is rejected with the following entries in atlassian-jira-incoming-mail.log, if the email address of the sender is associated to an account in Jira which is either inactive or does not have a license (no application access) -> Unexpected behavior
Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a JIRA application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
Steps to Reproduce
- Allow anonymous access to your project per this KB
- Configure your mail handler as this
- Send an email out to JIRA's mail handler
Expected Behavior
The issue is created with the default reporter according to the mail handler configurations, regardless of the sender of the email is associated to a Jira account or not.
Note on fix
We've changed the behavior of mail plugin: if the reporter is inactive or doesn't have app permission, the default reporter will be used.
Actual Behavior
No issue is created and the following entries appear in atlassian-jira-incoming-mail.log, due to the fact that the mail handler mapped the email address to the existing account, and ignored the default reporter configuration:
Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a JIRA application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
Workaround
- Remove the users impacted from the Jira user base so they can became a real anonymous user so Jira will create the tickets using the Default Reporter configured
OR - Give application access to the users trying to create tickets through the mail channel (you must keep in mind that this will consume a new license for each user that is being granted an application access)
Notes
This issue is not reproducible when the user is adding a new comment to an issue by specifying the Issue Key in the message's subject. That is, the message is added as a comment on the issue.
- is duplicated by
-
-
- Closed
-
- is related to
-
-
- Closed
-
-
-
- Closed
-
-
JRASERVER-65191 Improve How Mail Handler Checks the User Permission
- Gathering Interest
-
JRASERVER-72737 Issue watchers continue receiving updates even after their Jira account is revoked - CVE-2021-39119
-
- Published
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
RAID-2959 Loading...
- mentioned in
-
-
-
-
-
-
-