Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-4246

Cannot comment on other project anymore with email containing the project key in the subject

XMLWordPrintable

      Summary

      Before JSD 3.2.0 when customer sends an email to the email channel configured in project A with a subject containing the issue key of project B, JIRA will add this email as a comment to the issue in project B.
      This behavior has been changed since JSD 3.2.0 in which JIRA will create a new issue in project A instead of adding a new comment to the issue in project B.

      Steps to Reproduce

      1. Create two projects TestA and TestB with respectively the project key TA and TB.
      2. Configure a mail channel in project TA.
      3. Create a new ticket in project TB (note down the issue key, for example, TB-2).
      4. Send an email to the mail channel configured for project TA with the subject : "Test comment [TB-2]"

      Expected Results

      A new comment should be added to ticket TB-2

      Actual Results

      A new issue is created in project TA with summary "Test comment [TB-2]"

        1. 2016-09-20_doc.png
          74 kB
          Chen Mao

          Form Name

            [JSDSERVER-4246] Cannot comment on other project anymore with email containing the project key in the subject

            Ed Letifov [TechTime - New Zealand] added a comment -

            Agree with the previous 3 comments, further this is a security and privacy concern.

            If a hacker somehow guesses the project key for another unrelated project and emails a public service desk with a forged email that contains that other project key in the subject - it is most definitely NOT OK to let this comment on that other otherwise hidden and protected project.

            I also have a real life example from our customer (a support organisation themselves) where they are desperately trying to make their JIRA Service Desk to talk to their customer's JIRA Service Desk. If the other JSD were using a key that matches another unrelated project in my JSD, the fact that my email channel ingest just goes and comments on that other project just because the key matches - this would be a major security and privacy problem.

            I am adding the comment above and my vote to JSDSERVER-5214 where the change to make this configurable is being tracked. Anyone who wanders here, searching for a solution - please add your vote to JSDSERVER-5214

            Ed Letifov [TechTime - New Zealand] added a comment - Agree with the previous 3 comments, further this is a security and privacy concern. If a hacker somehow guesses the project key for another unrelated project and emails a public service desk with a forged email that contains that other project key in the subject - it is most definitely NOT OK to let this comment on that other otherwise hidden and protected project. I also have a real life example from our customer (a support organisation themselves) where they are desperately trying to make their JIRA Service Desk to talk to their customer's JIRA Service Desk. If the other JSD were using a key that matches another unrelated project in my JSD, the fact that my email channel ingest just goes and comments on that other project just because the key matches - this would be a major security and privacy problem. I am adding the comment above and my vote to  JSDSERVER-5214 where the change to make this configurable is being tracked. Anyone who wanders here, searching for a solution - please add your vote to  JSDSERVER-5214

            Vikki Short added a comment - - edited

            I also agree that any emails sent to the Service Desk email address (e.g. project AAA) should NOT add comments to issues in other projects (e.g. project BBB).

            As Darath Sreng said, we get emails coming into our Service Desk that mention other issues in different projects in the subject line, but, as the Service Desk email address is only linked to the Service Desk project, I would expect it to ignore the fact that the issue exists in another project. Instead, it should create a Service Desk issue in the Service Desk project (see the expected results in -JSDSERVER-3843-). If a user wants to add a comment to the issue in the non-Service Desk project, then they should be sending an email to the address linked to that project instead.

            See my support request #SDS-22261 for further information.

            I've created JSDSERVER-5263 to suggest a change to this functionality.

            Vikki Short added a comment - - edited I also agree that any emails sent to the Service Desk email address (e.g. project AAA) should NOT add comments to issues in other projects (e.g. project BBB). As Darath Sreng said, we get emails coming into our Service Desk that mention other issues in different projects in the subject line, but, as the Service Desk email address is only linked to the Service Desk project, I would expect it to ignore the fact that the issue exists in another project. Instead, it should create a Service Desk issue in the Service Desk project (see the expected results in - JSDSERVER-3843 -). If a user wants to add a comment to the issue in the non-Service Desk project, then they should be sending an email to the address linked to that project instead. See my support request #SDS-22261 for further information. I've created JSDSERVER-5263 to suggest a change to this functionality.

            darath sreng added a comment -

            I agree with Bryan Bai on this. The support request I opened for this is #SDS-24536.

            We are using JIra servicedesk to process support email, but this "fix" is having an adverse effect where incoming emails can get processed outside the JSD project when email subject contains other project key.

            In the case where our customer just want an update to "anotherproject#1234", their email get appended to "anotherproject#1234" instead of creating a new request for support team to handle the request.  

            darath sreng added a comment - I agree with Bryan Bai on this. The support request I opened for this is #SDS-24536. We are using JIra servicedesk to process support email, but this "fix" is having an adverse effect where incoming emails can get processed outside the JSD project when email subject contains other project key. In the case where our customer just want an update to "anotherproject#1234", their email get appended to "anotherproject#1234" instead of creating a new request for support team to handle the request.  

            Bryan Bai added a comment -

            I don't agree the fix of bug, because the mail channel always dedicated to JIRA SD project, so it should only create ticket within this SD project instead of add comment to other non-SD project.

            Most case non-SD jira project will use global email address to send notification, and user will reply to this global email address to add a comment.

             

            I submitted a support request: https://getsupport.atlassian.com/servicedesk/customer/portal/3/SDS-22714

             

            ur jira service desk project(AAA) using SD mail handler for incoming email to ticket. it works well. but if the email subject include ticket number (BBB-123), the mail handler ( for AAA project only) will also update the BBB-123 ticket as comment rather than create a new ticket in AAA project.

            for me this is a confusion about the project specific email handler and general JIRA handler. the project specific email handler should only serve against specific SD project.

            Bryan Bai added a comment - I don't agree the fix of bug, because the mail channel always dedicated to JIRA SD project, so it should only create ticket within this SD project instead of add comment to other non-SD project. Most case non-SD jira project will use global email address to send notification, and user will reply to this global email address to add a comment.   I submitted a support request: https://getsupport.atlassian.com/servicedesk/customer/portal/3/SDS-22714   ur jira service desk project(AAA) using SD mail handler for incoming email to ticket. it works well. but if the email subject include ticket number (BBB-123), the mail handler ( for AAA project only) will also update the BBB-123 ticket as comment rather than create a new ticket in AAA project. for me this is a confusion about the project specific email handler and general JIRA handler. the project specific email handler should only serve against specific SD project.

            Matthew McMahon (Inactive) added a comment -

            The release of this fix has unfortunately been delayed, but will be included within JSD 3.2.5.

            Fix Version of this ticket has been updated accordingly.

            Apologies for any inconvenience.

            Matthew McMahon (Inactive) added a comment - The release of this fix has unfortunately been delayed, but will be included within JSD 3.2.5. Fix Version of this ticket has been updated accordingly. Apologies for any inconvenience.

            Christopher Laa added a comment -

            Matthew McMahon [Atlassian] added a comment - 12/Oct/2016 3:03 AM

            As of JSD 3.2.3 this functionality should be restored for cross project commenting between Service Desk projects, as long as the sender has commenting permission on the issue.

            Bug still present in JSD 3.2.3. Tested in JIRA Software 7.2.1 and JIRA Software 7.2.3.

            Christopher Laa added a comment - Matthew McMahon [Atlassian] added a comment - 12/Oct/2016 3:03 AM As of JSD 3.2.3 this functionality should be restored for cross project commenting between Service Desk projects, as long as the sender has commenting permission on the issue. Bug still present in JSD 3.2.3. Tested in JIRA Software 7.2.1 and JIRA Software 7.2.3.

            Matthew McMahon (Inactive) added a comment -

            We have identified the problem. This change in behaviour was due to a fix for JSD-3843.

            As of JSD 3.2.3 this functionality should be restored for cross project commenting between Service Desk projects, as long as the sender has commenting permission on the issue.

            As of JSD 3.3.0 there will be improved functionality for cross project commenting, as the Service Desk mail handler will also be able to comment on non Service Desk projects, as long as the sender has permission to comment on that issue.

            Regards
            Matt
            JIRA Service Desk developer

            Matthew McMahon (Inactive) added a comment - We have identified the problem. This change in behaviour was due to a fix for JSD-3843 . As of JSD 3.2.3 this functionality should be restored for cross project commenting between Service Desk projects, as long as the sender has commenting permission on the issue. As of JSD 3.3.0 there will be improved functionality for cross project commenting, as the Service Desk mail handler will also be able to comment on non Service Desk projects, as long as the sender has permission to comment on that issue. Regards Matt JIRA Service Desk developer

            Alex Cox added a comment -

            This bug also affects 3.2.1.

             

            Configuring an Incoming Mail Handler under system settings (rather than project email requests) doesn't resolve the issue.

            Alex Cox added a comment - This bug also affects 3.2.1.   Configuring an Incoming Mail Handler under system settings (rather than project email requests) doesn't resolve the issue.

              mmcmahon Matthew McMahon (Inactive)
              cmao Chen Mao (Inactive)
              Affected customers:
              7 This affects my team
              Watchers:
              19 Start watching this issue

                Created:
                Updated:
                Resolved: