  1. Jira Data Center
  2. JRASERVER-71214

Webhook calls fail if destination URL contains special characters


    • Bug
    • Resolution: Fixed
    • Low
    • 10.7.0, 11.0.0
    • 7.13.11
    • Webhooks
    • None
    • 7.13
    • 5
    • Severity 3 - Minor
    • Atlassian Update – 16 April 2025

      Dear Customers,

      We’re pleased to announce that the issue with webhook URL handling has been addressed in Jira 10.7.0.

      These improvements ensure that:

      1. Configured callback URLs are processed as-is, with no additional encoding or decoding applied. For example, %25=%3D%3D remains %25=%3D%3D.
      2. All substitution values (e.g., modifiedUser.name) are escaped, so %25=%3D%3D becomes %2525=%253D%253D, ensuring a user with a funny name will not break the URL.

      For customers using Jira 10.3.5 LTS and higher, or Jira 10.6.0 and higher (note: not 10.4.x or 10.5.x), you can achieve the same behavior by enabling the system property:

      plugin.webhooks.skip.url.reencoding=true
      

      This property is automatically enabled in Jira 10.7.0.

      Best regards, 
      Daniel Rauf 
      Software Engineer


      Summary

      There are cases where a base64 code needs to be sent as a URL argument on the JIRA webhook so that JIRA can authenticate to the recipient webhook server. Special characters in these URL arguments are not sent out properly from JIRA.

      Steps to Reproduce

      • Create a webhook in JIRA
      • Specify a URL argument containing special characters (e.g. code=asdasohdoasdoasd==).
      • Trigger the event

      Expected Results

      Special characters should be sent as part of the URL arguments.

      Actual Results

      | Format | Webhook URL | Received |
      |---|---|---|
      | Plain Text | https://www.webhhook_server.com/endpoint?code=asdasohdoasdoasd==&test=test | POST /endpoint?code=asdasohdoasdoasd&test=test&user_id=admin&user_key=admin |
      | URL Encoded | https://www.webhhook_server.com/endpoint?code=asdasohdoasdoasd%3D%3D | POST /endpoint?code=asdasohdoasdoasd%253D%253D&user_id=admin&user_key=admin |

      Notes

      This can happen more frequently with endpoints generated on Azure. Usually, the generated endpoint will end with double equal signs, which are removed when the webhook is fired by JIRA.

      Workaround

      • This workaround has already worked for a few customers affected by the bug. It consists of generating another authorization key on the Azure side, making sure that it doesn't contain any special characters.

      For customers using Jira 10.3.5 LTS and higher, or Jira 10.6.0 and higher (note: not 10.4.x or 10.5.x), you can activate the fix by enabling the system property:

      plugin.webhooks.skip.url.reencoding=true
      

      This property is automatically enabled starting from Jira 10.7.0.
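
The two rules from the update and the "URL Encoded" row of Actual Results, as an added Python example (not Atlassian's code): the configured URL is copied verbatim and only substituted values are escaped, next to a contrast function that re-encodes the whole query. The `${...}` placeholder syntax, the host and the sample user names are assumptions made for illustration, and the contrast function shows the general re-encoding failure rather than Jira's actual code path.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Assumption: placeholders are written ${variable.name}; host and values are constructed.
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
TEMPLATE = ("https://hooks.example.test/endpoint"
            "?code=asdasohdoasdoasd%3D%3D&user=${modifiedUser.name}")


def render_fixed(template, values):
    """Copy the configured URL verbatim; escape only the substituted values."""
    def escape(match):
        # '=' stays literal to mirror the update's example output; '%', '&',
        # '#', '?', '/' and spaces are percent-encoded so a value cannot add
        # or cut off parameters.
        return quote(str(values[match.group(1)]), safe="=")
    return PLACEHOLDER.sub(escape, template)


def render_reencoding(template, values):
    """Contrast case: insert raw values, then percent-encode the query again."""
    raw = PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), template)
    base, sep, query = raw.partition("?")
    return base + sep + quote(query, safe="=&")


def received_params(url):
    """Query parameters as the receiving webhook server would decode them."""
    return dict(parse_qsl(urlsplit(url).query))


if __name__ == "__main__":
    for name in ("%25=%3D%3D", "R&D user"):
        values = {"modifiedUser.name": name}
        for render in (render_fixed, render_reencoding):
            url = render(template=TEMPLATE, values=values)
            print(render.__name__, url, received_params(url))
```

With re-encoding, the receiver decodes `code` to the still-encoded string instead of the token ending in `==`, and a user name containing `&` is cut off at that character.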

              drauf Daniel Rauf
              clevine Chris Levine
              Votes: 8
              Watchers: 10
