Hi JIRA community.
I look after a JIRA Server instance. We recently upgraded to v7.13.0(LTS).
As part of the process our security department uses a tool and scans my test system.
The tool reported what it calls a vulnerability, saying it caused a large amount of "code" to be transferred to the browser. The name of the code is batch.js.
From the reading I've done, this seems like a pretty common piece of code that regularly loads into the browser to facilitate some page functionality.
I am hoping I can write this off as a "false positive" from the testing tool, and that it does not constitute a security exposure.
If anyone knows what batch.js is, or if it might contain sensitive data as a result of user activity, could you please let me know?
As I recall, batch.js is a merger of many js files & functions the Atlassian tools need to work. Instead of requesting each js file on its own, they are batched together so that only a single request is made, to make things faster.
I have been working with Atlassian tools for more than five years: false positive...
Your security department might want to check the source code which generates the batch.js. You can download the code on your Atlassian license page.
Our Dynatrace expert reported to us that we have some performance issues with Jira, especially with the file /batch.js, which takes around 36 seconds to respond for a file size of 5 MB.
We have been requested to identify the reason for that issue, but it is hard to identify as we use Jira Data Center as it is.
The only thing we have seen is that GZIP compression is OFF in our instance settings. Does that mean we should set it ON to improve the overall rendering?
We are coming to the same conclusion, also with the help of Dynatrace. In our case, batch.js is 4.83 MB *with compression*, 15.4 MB after decompression.
Looking at the code, it's a lot of lines for Zephyr and JEditor. The original file had 72 175 lines, and after removing all code related to Zephyr and JEditor, the file had... 24 512 lines!
Be careful with compression: if you have a reverse proxy, you have to disable compression in Jira, and only enable it in the reverse proxy.