Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.13.0, 8.12.3, 8.14.0
Affects Version/s: 7.6.15, 8.5.4, 7.13.13, 8.9.0
Component/s: Web Resources Manager
Labels:

Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

This ticket documents an improvement to the Velocity Uberspector's security, locking down which classes can be accessed. This change is a defence-in-depth against potential Remote Code Execution (RCE) and Injection attacks.

The versions which do not have this improvement are before version 8.12.3.

Pre-improvement versions:

version < 8.12.3

Improved versions:

8.12.3
8.13.0
8.14.0

Attachments

Activity

People

Assignee:: Pawel Przytarski

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Due:: 06/Oct/2020

Created:: 11/Oct/2020 11:20 PM

Updated:: 28/Oct/2020 5:45 PM

Resolved:: 11/Oct/2020 11:30 PM