Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-71499

JQL search for 2 wildcards(*) characters not working

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a bug
    • Icon: Low Low
    • None
    • 7.13.16, 8.5.7, 8.10.2, 8.11.1, 8.12.0
    • JQL
    • None
    • 7.13
    • 2
    • Severity 3 - Minor
    • 1
    • Hide
      Atlassian Update – 23 Nov 2020

      Hi everyone,
      Allowing only 1 wildcard per value in JQL search queries was introduced in versions 7.13.16, 8.5.7, 8.10.2, 8.11.1 and 8.12.0 as part of security bug fix, in order to mitigate the risk of DoS attacks. The affected versions of Jira Server and Data Center allowed remote attackers to impact the application’s availability via a Regex-based Denial of Service vulnerability in JQL version searching. We are not planning to introduce the multi-wildcard notation back to Jira Server and Data Center at this time. If you would like to learn more about this issue, please see the corresponding ticket: https://jira.atlassian.com/browse/JRASERVER-71112
      Thank you,
      Daria Misiowiec,
      Jira Server Developer

      Show
      Atlassian Update – 23 Nov 2020 Hi everyone, Allowing only 1 wildcard per value in JQL search queries was introduced in versions 7.13.16, 8.5.7, 8.10.2, 8.11.1 and 8.12.0 as part of security bug fix, in order to mitigate the risk of DoS attacks. The affected versions of Jira Server and Data Center allowed remote attackers to impact the application’s availability via a Regex-based Denial of Service vulnerability in JQL version searching. We are not planning to introduce the multi-wildcard notation back to Jira Server and Data Center at this time. If you would like to learn more about this issue, please see the corresponding ticket:  https://jira.atlassian.com/browse/JRASERVER-71112 .  Thank you, Daria Misiowiec, Jira Server Developer

      Issue Summary

      JQL search for 2 wildcards (*) characters not working. it's throwing a warning saying We only allow 1 wildcard per value. Limit the number of wildcards in '"2020.03.00"' to run the query.

      Steps to Reproduce

      1. Create issues with affected versions (Example:2020.03.00,{{2020.03.0001,2020.03.002}})
      2. Try to do Advanced search using JQL affectedVersion ~ "2020.03.00"

      We tested it in our local instance and here are our findings:

      • It works fine in the version 8.9.1
      • It also works fine in the version 8.11.0
      • However, it's throwing an error while trying the same JQL in Jira version 8.11.1.
      • This bug is reproducible in Jira version 8.12 as well

      Expected Results

      It should return issues

      Actual Results

      it's throwing a warning We only allow 1 wildcard per value. Limit the number of wildcards in '"2020.03.00"' to run the query.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

        1. Screenshot 2020-08-31 at 8.41.11 PM.png
          Screenshot 2020-08-31 at 8.41.11 PM.png
          362 kB
        2. Screenshot 2020-08-31 at 8.41.20 PM.png
          Screenshot 2020-08-31 at 8.41.20 PM.png
          376 kB
        3. Screenshot 2020-09-01 at 8.21.16 AM.png
          Screenshot 2020-09-01 at 8.21.16 AM.png
          407 kB
        4. Screenshot 2020-09-01 at 8.30.18 AM.png
          Screenshot 2020-09-01 at 8.30.18 AM.png
          392 kB

              Unassigned Unassigned
              dgedda@atlassian.com Devisree Gedda
              Votes:
              12 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated:
                Resolved: