Trivy vulnerability scan of atlassian/jira-software:9.11.0 image picks up critical vulnerabilities

Saul Williamson
I'm New Here
September 19, 2023

Ran the trivy image vulnerability scanner on atlassian/jira-software:9.11.0. It is picking up a number of critical vulnerabilities, listed below.

Looking through old tickets and other documentation, some of these are considered non-applicable. But the following items are still of concern:

org.yaml:snakeyaml
CVE-2022-1471

org.eclipse.jetty:jetty-server
CVE-2017-7658
CVE-2017-7657

List of critical vulnerabilities picked up by Trivy image security scan:

| Package | Vulnerability ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| com.fasterxml.jackson.core:jackson-databind | CVE-2017-15095 | CRITICAL | 2.3.3 | 2.7.9.2, 2.8.10, 2.9.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-11307 | CRITICAL | 2.3.3 | 2.7.9.4, 2.8.11.2, 2.9.6 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-14718 | CRITICAL | 2.3.3 | 2.6.7.2, 2.9.7 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-7489 | CRITICAL | 2.3.3 | 2.7.9.3, 2.8.11.1, 2.9.5 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14540 | CRITICAL | 2.3.3 | 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14893 | CRITICAL | 2.3.3 | 2.8.11.5, 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16335 | CRITICAL | 2.3.3 | 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16942 | CRITICAL | 2.3.3 | 2.9.10.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16943 | CRITICAL | 2.3.3 | 2.9.10.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-17267 | CRITICAL | 2.3.3 | 2.9.10 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-17531 | CRITICAL | 2.3.3 | 2.9.10.1 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-20330 | CRITICAL | 2.3.3 | 2.8.11.5, 2.9.10.2 |
| org.eclipse.jetty:jetty-server | CVE-2017-7657 | CRITICAL | 8.1.15.v20140411 | 9.2.25.v20180606, 9.3.24.v20180605 |
| org.eclipse.jetty:jetty-server | CVE-2017-7658 | CRITICAL | 8.1.15.v20140411 | 9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605 |
| org.springframework:spring-web | CVE-2016-1000027 | CRITICAL | 5.3.26 | 6.0.0 |
| org.yaml:snakeyaml | CVE-2022-1471 | CRITICAL | 1.19 | 2 |
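As an added example (not part of this thread, and not Trivy's own code), a small Python triage helper that reads a Trivy JSON report, drops findings that have a justified suppression record, and lists what is still open, which is the "non-applicable vs. still of concern" split the question describes. The embedded report and the ACCEPTED suppression list are constructed placeholders, not real triage decisions.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of Trivy's JSON report (trivy image -f json),
# carrying a few rows copied from the table in the thread above.
TRIVY_REPORT_JSON = """
{"Results": [{"Target": "Java", "Class": "lang-pkgs", "Type": "jar",
  "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2022-1471", "PkgName": "org.yaml:snakeyaml",
     "InstalledVersion": "1.19", "FixedVersion": "2", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-2017-7658", "PkgName": "org.eclipse.jetty:jetty-server",
     "InstalledVersion": "8.1.15.v20140411",
     "FixedVersion": "9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-2019-16942", "PkgName": "com.fasterxml.jackson.core:jackson-databind",
     "InstalledVersion": "2.3.3", "FixedVersion": "2.9.10.1", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-2016-1000027", "PkgName": "org.springframework:spring-web",
     "InstalledVersion": "5.3.26", "FixedVersion": "6.0.0", "Severity": "CRITICAL"}
  ]}]}
"""

# Hypothetical triage record: CVE -> reason it was assessed as not applicable.
# A suppression without a written reason is rejected so the list stays auditable.
ACCEPTED: Dict[str, str] = {
    "CVE-2019-16942": "placeholder reason: assessed as not applicable by the team",
    "CVE-2016-1000027": "placeholder reason: assessed as not applicable by the team",
}

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def triage(report_json: str, accepted: Dict[str, str], min_severity: str = "CRITICAL") -> List[dict]:
    """Return findings at or above min_severity that carry no justified suppression."""
    threshold = SEVERITY_ORDER.index(min_severity)
    for cve, reason in accepted.items():
        if not reason.strip():
            raise ValueError(f"suppression for {cve} has no justification")
    remaining = []
    for result in json.loads(report_json).get("Results", []):
        # Trivy emits no "Vulnerabilities" key (or null) for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            if SEVERITY_ORDER.index(vuln.get("Severity", "UNKNOWN")) < threshold:
                continue
            if vuln["VulnerabilityID"] in accepted:
                continue
            remaining.append({"id": vuln["VulnerabilityID"], "pkg": vuln["PkgName"],
                              "installed": vuln["InstalledVersion"],
                              "fixed": vuln.get("FixedVersion", "")})
    return sorted(remaining, key=lambda v: (v["pkg"], v["id"]))

if __name__ == "__main__":
    for v in triage(TRIVY_REPORT_JSON, ACCEPTED):
        print(f"{v['id']:16} {v['pkg']:45} {v['installed']} -> {v['fixed'] or 'no fix'}")
```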

2 answers

2 votes
Alexey Matveev
Rising Star
October 31, 2018

Hello,

You would need an add-on for it.

For example, you could use the Power Scripts add-on:

https://marketplace.atlassian.com/apps/43318/power-scripts-jira-script-automation?hosting=cloud&tab=overview

You could write a script like this:

    // Select every issue in the project and unassign those whose assignee
    // was last changed three or more days ago.
    string jql = "project = TEST";
    string[] keys = selectIssues(jql);
    for (string key in keys) {
        // change history of the assignee field for the current issue
        string[] h = fieldHistory(%key%, "assignee");
        if (size(h) > 0) {
            date changeDate = parseDate("dd.MM.yyyy", h[0]);
            interval diff = currentDate() - changeDate;
            if (diff >= "3d") {
                %key%.assignee = "";
            }
        }
    }

Then you can schedule this script with the runJobByCron method:

https://confluence.cprime.io/display/SIL/runJobByCron

0 votes
Joe Pitt
Rising Star
November 1, 2018

From historical experience, unassigned issues don't get worked.

Arnold Roa
Contributor
November 2, 2018

Well.. our tickets take 20 minutes to do, if someone assigns a ticket and ends his shift without anyone working on it until the next day when his shift starts.

We offer 24/7 service, our people do what is unassigned all the time.

So it's a different context.
