We are using JIRA version 6.4.13. The following vulnerabilities are detected in the APP SCAN report and marked as medium. We need to address them.
2-5 appear to be a function of the web-server you're using, rather than JIRA itself - you'll need to look at that.
Point 1 - not a lot we can do without knowing which error it is.
Could you elaborate on how you could add CSRF protection to the login form via the webserver, in my case nginx? My understanding was that the application needs to do this.