Why is source code no longer available?

Hi @Jiri Hronik, 

time wise I assume it was removed as part of the recent Confluence CVE?

When will this temporary procedure be removed? Taken into account that as a developer / partner you need different versions from time to time and waiting for support isn't not the best case as long their is no automated self-service option.

Regards,
Tim

Hi @Tim Eddelbüttel

I understand what you're saying and we're aware of the impact this has on our development partners.

At this time, I don't have anything more to share. We'll provide an update to the community more broadly when we have one.

Thanks for bearing with us as we work on this.

Thanks,
James Ponting
Engineering Manager - Confluence Data Center 

Our on-prem technical support teams are currently experiencing a high volume of requests due to the recently published security advisory affecting Confluence Server and Data Center. This may result in longer-than-expected response times. We are committed to prioritizing critical requests and resolving them as soon as possible.

@James Ponting, the situation is annoying. I'll understand the removal. It can be discussed if this is security by obscurity or not. But that's another story.

I'll have the immediate need for some Jira source code. And this blocks my work now, because I don't have access to it. That the support teams are overloaded in these situations is expected. Therefor Self-Service should be a must straight from the beginning.

@Tim Eddelbüttel  @James Ponting with CVE exploits now already published on github, maybe it's safe again to re-open the sources unless there's more internal code auditing happening on them.

 Hi   @Jiri Hronik ,

Are they going to disable permanently or enable after somedays. Any Idea on this.

Hi @Jiri Hronik, Hi @James Ponting 

is there any update that you can share?

You've referenced to contact support and request the source code. I did this back in November (GHS-267732) and the answer was simply no.

There are still various valid reasons why this is needed for developers. One of them is also that since Jira 7.x there is not actual Jira Agile aka. Greenhopper Java API available. (https://jira.atlassian.com/browse/JSWSERVER-15321)

Kind Regards,
Tim

Hi @Jiri Hronik

any update on when the sources will be available again? "Temporarily" is looking to take quite a while and I doubt that keeping Jira closed source is actively increasing the security, as any pentester can decompile anyway.

Kind regards
Thomas

Hi @Thomas Rieder 

Unfortunately I don't have any update right now, sorry. The process of sharing source code is still being reviewed internally and the team will share an update once they have it.

@James PontingAny news on this matter, please?

It's really important for ecosystem partners to have the source code available for app development.

Thanks!