Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-4246

Cannot comment on other project anymore with email containing the project key in the subject

      Summary

      Before JSD 3.2.0 when customer sends an email to the email channel configured in project A with a subject containing the issue key of project B, JIRA will add this email as a comment to the issue in project B.
      This behavior has been changed since JSD 3.2.0 in which JIRA will create a new issue in project A instead of adding a new comment to the issue in project B.

      Steps to Reproduce

      1. Create two projects TestA and TestB with respectively the project key TA and TB.
      2. Configure a mail channel in project TA.
      3. Create a new ticket in project TB (note down the issue key, for example, TB-2).
      4. Send an email to the mail channel configured for project TA with the subject : "Test comment [TB-2]"

      Expected Results

      A new comment should be added to ticket TB-2

      Actual Results

      A new issue is created in project TA with summary "Test comment [TB-2]"

            [JSDSERVER-4246] Cannot comment on other project anymore with email containing the project key in the subject

            Owen made changes -
            Workflow Original: JSD Bug Workflow v5 - TEMP [ 2304589 ] New: JAC Bug Workflow v3 [ 3125953 ]
            Status Original: Done [ 10044 ] New: Closed [ 6 ]
            Owen made changes -
            Symptom Severity Original: Minor [ 14432 ] New: Severity 3 - Minor [ 15832 ]

            Agree with the previous 3 comments, further this is a security and privacy concern.

            If a hacker somehow guesses the project key for another unrelated project and emails a public service desk with a forged email that contains that other project key in the subject - it is most definitely NOT OK to let this comment on that other otherwise hidden and protected project.

            I also have a real life example from our customer (a support organisation themselves) where they are desperately trying to make their JIRA Service Desk to talk to their customer's JIRA Service Desk. If the other JSD were using a key that matches another unrelated project in my JSD, the fact that my email channel ingest just goes and comments on that other project just because the key matches - this would be a major security and privacy problem.

            I am adding the comment above and my vote to JSDSERVER-5214 where the change to make this configurable is being tracked. Anyone who wanders here, searching for a solution - please add your vote to JSDSERVER-5214

            Ed Letifov [TechTime - New Zealand] added a comment - Agree with the previous 3 comments, further this is a security and privacy concern. If a hacker somehow guesses the project key for another unrelated project and emails a public service desk with a forged email that contains that other project key in the subject - it is most definitely NOT OK to let this comment on that other otherwise hidden and protected project. I also have a real life example from our customer (a support organisation themselves) where they are desperately trying to make their JIRA Service Desk to talk to their customer's JIRA Service Desk. If the other JSD were using a key that matches another unrelated project in my JSD, the fact that my email channel ingest just goes and comments on that other project just because the key matches - this would be a major security and privacy problem. I am adding the comment above and my vote to  JSDSERVER-5214 where the change to make this configurable is being tracked. Anyone who wanders here, searching for a solution - please add your vote to  JSDSERVER-5214
            Vikki Short made changes -
            Link New: This issue is related to JSDSERVER-5263 [ JSDSERVER-5263 ]

            Vikki Short added a comment - - edited

            I also agree that any emails sent to the Service Desk email address (e.g. project AAA) should NOT add comments to issues in other projects (e.g. project BBB).

            As Darath Sreng said, we get emails coming into our Service Desk that mention other issues in different projects in the subject line, but, as the Service Desk email address is only linked to the Service Desk project, I would expect it to ignore the fact that the issue exists in another project. Instead, it should create a Service Desk issue in the Service Desk project (see the expected results in -JSDSERVER-3843-). If a user wants to add a comment to the issue in the non-Service Desk project, then they should be sending an email to the address linked to that project instead.

            See my support request #SDS-22261 for further information.

            I've created JSDSERVER-5263 to suggest a change to this functionality.

            Vikki Short added a comment - - edited I also agree that any emails sent to the Service Desk email address (e.g. project AAA) should NOT add comments to issues in other projects (e.g. project BBB). As Darath Sreng said, we get emails coming into our Service Desk that mention other issues in different projects in the subject line, but, as the Service Desk email address is only linked to the Service Desk project, I would expect it to ignore the fact that the issue exists in another project. Instead, it should create a Service Desk issue in the Service Desk project (see the expected results in - JSDSERVER-3843 -). If a user wants to add a comment to the issue in the non-Service Desk project, then they should be sending an email to the address linked to that project instead. See my support request #SDS-22261 for further information. I've created JSDSERVER-5263 to suggest a change to this functionality.

            I agree with Bryan Bai on this. The support request I opened for this is #SDS-24536.

            We are using JIra servicedesk to process support email, but this "fix" is having an adverse effect where incoming emails can get processed outside the JSD project when email subject contains other project key.

            In the case where our customer just want an update to "anotherproject#1234", their email get appended to "anotherproject#1234" instead of creating a new request for support team to handle the request.  

            darath sreng added a comment - I agree with Bryan Bai on this. The support request I opened for this is #SDS-24536. We are using JIra servicedesk to process support email, but this "fix" is having an adverse effect where incoming emails can get processed outside the JSD project when email subject contains other project key. In the case where our customer just want an update to "anotherproject#1234", their email get appended to "anotherproject#1234" instead of creating a new request for support team to handle the request.  
            Tzu Hau Chai (Inactive) made changes -
            Link New: This issue relates to JSDSERVER-5214 [ JSDSERVER-5214 ]
            Robin Reidl (Inactive) made changes -
            Link New: This issue relates to JSDSERVER-4307 [ JSDSERVER-4307 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Bug Workflow v5 [ 2058434 ] New: JSD Bug Workflow v5 - TEMP [ 2304589 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Bug Workflow v5 - TEMP [ 2055498 ] New: JSD Bug Workflow v5 [ 2058434 ]

              mmcmahon Matthew McMahon (Inactive)
              cmao Chen Mao (Inactive)
              Affected customers:
              7 This affects my team
              Watchers:
              19 Start watching this issue

                Created:
                Updated:
                Resolved: