What is batch.js?

steve moffat June 14, 2019

Hi JIRA community.

I look after a JIRA Server instance. We recently upgraded to v7.13.0(LTS).

As part of the process our security department uses a tool and scans my test system.

The tool reported what it calls a vulnerability, saying it caused a large amount of "code" to be transferred to the browser.  The name of the code is batch.js.

From the reading I've done, this seems like a pretty common piece of code that regularly loads into the browser to facilitate some page functionality.

I am hoping I can write this off as a "false positive" from the testing tool, and that it does not constitute a security exposure.

If anyone knows what batch.js is, or if it might contain sensitive data as a result of user activity, could you please let me know?

Thanks,

Steve

2 answers

3 votes
JP _AC Bielefeld Leader_
Rising Star
June 15, 2019

Hi,

As I recall, batch.js is a merger of many js files & functions the Atlassian tools need to work. Instead of requesting each js file on its own, they are batched together to make only a single request to make things faster.

Having worked with Atlassian tools for more than five years: false positive...

Your security department might want to check the source code which generates the batch.js. You can download the code on your Atlassian license page.

Best

JP

steve moffat June 18, 2019

Thank you JP.

Need a bit of time here to investigate more.  Just wanted to thank you for your response.

Steve

0 votes
serge calderara
Rising Star
January 27, 2020

Dear @JP _AC Bielefeld Leader_

Our Dynatrace expert reported to us that we have a performance issue with Jira, especially with the file /batch.js, which takes around 36 seconds to respond for a file size of 5MB.

We have been requested to identify the reason for that issue, but it is hard to identify as we use Jira as DataCenter as it is.

The only thing we have seen is that GZIP compression is OFF in our instance settings. Does that mean we should set it ON to improve the overall rendering?

regards 

Gonchik Tsymzhitov
Community Leader
March 28, 2020

Hi,

Did you fix that?

Pascal Robert July 12, 2020

Hi Serge,

We are coming to the same conclusion, also with the help of Dynatrace. In our case, batch.js is 4.83 MB *with compression*, 15.4 MB after decompression. 

Looking at the code, it's a lot of lines for Zephyr and JEditor. The original file had 72 175 lines, and after removing all code related to Zephyr and JEditor, the file had... 24 512 lines!

Beware with compression: if you have a reverse proxy, you have to disable compression in Jira, and only enable it in the reverse proxy.

serge calderara
Rising Star
July 13, 2020

Dear @Pascal Robert, with the help of Atlassian, we have been advised to set GZIP compression to ON on our running instance, and so far we do not have any problems at all with those batch.js errors.

regards

Pascal Robert July 13, 2020

I'm a bit surprised, because their own documentation says that if you have a reverse proxy, compression should be done in the proxy, not in the Jira instance.
