I need a dev to try out some scripts to make zephyr integrate with some custom fields. Do i have to give him admin access to achieve this ?

Community
Q&A
Jira
Questions
can a non jira admin user get access to groovy script runner?

Log4j vulnernerability in jira apps

Hi, we've a jira server app and its .jar file. It has a dependency on log4j 1.2.6 indirectly i.e. we dont have the ref in pom.xml but one of the dependencies has it. Can someone advise on how to make this transitive dependency to latest log4j?

2 answers

1 accepted

1 vote

Answer accepted

Yes. Groovy really is very powerful because it can use most of the internals, and should only ever be used by administrators (because you can, in theory, trust them to know how to avoid doing any damage with it)

You may find it safer to let them work with a dev/test system as an admin, and then promote their work when you've proved it's ok.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Thanks Nic, thought as much

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Log4j vulnernerability in jira apps

2 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events