Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.15.0
Affects Version/s: 7.6.15, 7.13.13, 8.0.0, 8.1.2, 8.5.4, 8.8.0
Component/s: Infrastructure & Services - Application Lifecycle
Labels:

Introduced in Version:
7.06
Support reference count:
19
Symptom Severity:
Severity 3 - Minor
UIS:
28
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Currently, Jira runs with jQuery version 2.2.4, which is susceptible to the following vulnerabilities:

https://nvd.nist.gov/vuln/detail/CVE-2020-11023
https://nvd.nist.gov/vuln/detail/CVE-2020-11022

Steps to Reproduce

-

Expected Results

We should update the version of jQuery to at least version 3.5.0, where these vulnerabilities are no longer present.

Actual Results

Jira uses jQuery version 2.2.4

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

relates to

JRASERVER-72273 Public documentation for the fixes included in the jQuery custom version

Gathering Interest

BBSDEV-22653 Loading...

MNSTR-4299 Loading...

MNSTR-4482 Loading...

MNSTR-4578 Loading...

is cloned by: MNSTR-4265 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 is cloned by, 5 mentioned in)

Assignee:: Maciej Rzymski

Reporter:: Lucas Bugs

Votes:: 0 Vote for this issue

Watchers:: 16 Start watching this issue

Due:: 22/Jan/2021

Created:: 04/Jun/2020 8:13 PM

Updated:: 12/Aug/2025 12:53 AM

Resolved:: 02/Feb/2021 9:16 AM