[JRASERVER-67979] Deprecate support for authenticating using os_username, os_password as url query parameters

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.0.0
Affects Version/s: 7.12.2
Component/s: Login
Labels:

Introduced in Version:
7.12
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy
Current Status:

Hide

Atlassian Update – 21 December 2018

Dear Jira users,

We’re glad to announce that this issue will be addressed in our upcoming 8.0 release.

You can find more details about our 8.0 beta release here — https://community.developer.atlassian.com/t/beta-for-jira-8-0-is-up-for-grabs/25588

Looking forward to your feedback!

Kind regards,
Syed Masood
Product Manager, Jira Server and Data Center

Show
Atlassian Update – 21 December 2018 Dear Jira users, We’re glad to announce that this issue will be addressed in our upcoming 8.0 release. You can find more details about our 8.0 beta release here — https://community.developer.atlassian.com/t/beta-for-jira-8-0-is-up-for-grabs/25588 Looking forward to your feedback! Kind regards, Syed Masood Product Manager, Jira Server and Data Center

Problem

Support for using os_username and os_password to authenticate when used as url query parameters has been deprecated in Jira 8.0.0.

It is possible to disable support for os_username & os_password as url query parameters for authentication by setting allowUrlParameterValue to false in <JIRA_install>/atlassian-jira/WEB-INF/web.xml .
example:

    <filter>
        <filter-name>login</filter-name>
        <filter-class>com.atlassian.jira.web.filters.JiraLoginFilter</filter-class>
        <init-param>
            <param-name>allowUrlParameterValue</param-name>
            <param-value>false</param-value>
        </init-param>
    </filter>

relates to

JRASERVER-38548 Remove url parameter support for os_username, os_password

Closed

mentioned in: Jira Software 8.14.x upgrade notes; Jira Core 8.14.x upgrade notes; Jira Service Management 4.14.x upgrade notes; Page Failed to load; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 mentioned in)

Patrick Turbett made changes - 22/Nov/2023 1:09 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 840380 ]

Tiziana Marchionni made changes - 12/Jul/2023 1:35 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 788100 ]

Mateusz Marzęcki made changes - 30/Jan/2023 2:32 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 726307 ]

Tomasz Bartyzel made changes - 25/Jan/2021 10:07 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 527233 ]

Tomasz Bartyzel made changes - 25/Jan/2021 9:51 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 527233 ]

Tomasz Bartyzel made changes - 20/Nov/2020 11:23 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 516451 ]

Tomasz Bartyzel made changes - 17/Nov/2020 7:46 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 515961 ]

Tomasz Bartyzel made changes - 17/Nov/2020 7:02 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 515960 ]

Ignat (Inactive) made changes - 28/Jan/2020 8:34 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 468765 ]

Said made changes - 11/Dec/2019 1:07 AM

Labels

Original: advisory-released exclude-from-security-metrics-page improper-authentication improper-authorization security triaged

New: advisory-released basm exclude-from-security-metrics-page improper-authentication improper-authorization security triaged

Assignee:: Unassigned

Reporter:: David Black

Affected customers:: 0 This affects my team

Watchers:: 8 Start watching this issue

Created:: 21/Sep/2018 10:27 AM

Updated:: 22/Nov/2023 1:09 PM

Resolved:: 11/Feb/2019 12:36 PM

Jira Data Center

Details

Description

Problem

Attachments

Issue Links

Forms

Activity

People

Dates