Issue Summary:

In Jira 10, webhooks do not preserve URL encoding after being triggered, causing potential failures in processing by external services.

Steps to Reproduce:

• Upgrade to, or performa clean installation of, Jira 10.0.0

• Configure a webhook with a URL containing the %3D characters.
  Example:

  https://webhook.site/87749b79-cde2-4add-91da-4538b46f01ec/TOKEN=%3D 

• Trigger the webhook to send a request.

Expected Results:

The webhook request should preserve URL encoding in the query parameters, resulting in a correctly formatted URL:

POST /87749b79-cde2-4add-91da-4538b46f01ec/TOKEN=%3D?

 
Actual Results:
In Jira 10.0.0 and later, the webhook request does not preserve URL encoding, resulting in an incorrect URL:

POST /87749b79-cde2-4add-91da-4538b46f01ec/TOKEN== HTTP/1.1

 
Impact:

This bug affects the functionality of webhooks that rely on special characters being URL-encoded, potentially leading to authentication failures and disruptions in integrations with external services.

Workaround:

Try one of the following workarounds to address the issue:

1. Secure admin webhooks: Use this feature to avoid passing security tokens via URLs.
2. Re-generate tokens: Generate new tokens until they don't contain problematic characters like `%3D`.
3. Outbound HTTP/S proxy: Use a network proxy to re-write webhook URLs for proper encoding.

These options provide temporary solutions until a permanent fix is available.

For customers using Jira 10.3.5 LTS and higher, or Jira 10.6.0 and higher (note: not 10.4.x or 10.5.x), you can activate the fix by enabling the system property (i.e. setenv.sh file):

-Dplugin.webhooks.skip.url.reencoding=true

This property is automatically enabled starting from Jira 10.7.0.