It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

what is batch.js?

Hi JIRA community.

I look after a JIRA Server instance. We recently upgraded to v7.13.0(LTS).

As part of the process our security department uses a tool and scans my test system.

The tool reported what it calls a vulnerability, saying it caused a large amount of "code" to be transferred to the browser.  The name of the code is batch.js.

From the reading I've done, this seems like a pretty common piece of code, that regularly loads into the browers to facilitate some page functionality

I am hoping I can write this off as a "false positive" from the testing tool, and does not constitue a security exposure.

If anyone knows what batch.js is, or if it might contain sensitve data as a result of user activity could you please let me know?

Thanks,

Steve

2 answers

Hi,

as I recall the batch.js is a merger of many js files & functions the Atlassian tools need to work. Instead of requesting each js file on it's own, they batched together to make only a single request to make things faster.

Working with Atlassian tools since more than five years: False positive...

Your security department might want to check the source code which generates the batch.js. You can download the code on your Atlassian license page.

Best

JP

Thank you JP.

Need a bit of time here to investigate more.  Just wanted to thank you for your response.

Steve

Dear @JP _AC Bielefeld Leader_ 

Our dynatrace expert report us that we have some performamce issue with Jira and especially the file /batch.js which take around 36 seconds to get the response time for a file size of 5MB.

We have been request to identify the reason of that issue but hard to identify it as we use Jira as DataCenter has it is.

The only thing we have seen is that GZIP compression is OFF in our Instance settings, does it means to set it ON and improve the all rendering ?

regards 

Hi,

Did you fix that ?

Hi Serge,

We are coming to the same conclusion, also with the help of Dynatrace. In our case, batch.js is 4.83 MB *with compression*, 15.4 MB after decompression. 

Looking at the code, and it's a lot of lines for Zephyr and JEditor. The original file had 72 175 lines, and after removing all code related to Zephyr and JEditor, the file had... 24 512 lines!

Beware for compression: if you have a reverse proxy, you have to disable compression in Jira, and only enable it in the reverse proxy.

Dear @Pascal Robert , with the help of Atlassian, we have been advide to set the GZIP compression is ON on our runnning instance, and so far we do not have any problem at all with all those batch.js error

regards

I'm a bit surprised, because their own documentation says that if you have a reverse proxy, compression should be done in the proxy, not in the Jira instance.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

Lessons and Learnings: Six Months of Working Remote [Discussion]

Hey there, folks! For most of us, the past six months- yes, you read that right- have been a journey. More people than ever before have pivoted to working remotely, and navigating being on-scre...

8,411 views 6 6
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you