You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Today I received suspicious email talking about critical vulnerability of ScriptRunner for JIRA and providing bunch of links to learn more about it and see how to patch the affected version.
As it looked suspicious to me I did not click on the links but instead tried to google any news about ScriptRunner vulnerabilities and checked Adaptavist web site. I did not find any information supporting claims in the email I received so looks like it was a malicious email and I was right not to trust it.
Let me know if I am wrong and there is indeed some vulnerabilities in Scriptrunner that need to be patched. But if there is none just be careful of the emails like this being distributed to JIRA users.
It's definitely not malicious, there is a vulnerability.
The team has concentrated on fixing, patching and getting updates out to people who may be affected. I'm expecting a wider announcement and some more detail soon.
@Thomas SchlegelThank you for letting me know. I can see that Critical Security fix for JIRA 7.0 - 7.9.2 was delivered in version 5.3.26 released on 5/1/2018. That is probably why I did not find any recent news about it. I'm not sure why it took Adaptavist a month to send this warning email then.
We sent out an initial email May 1st. This email is a reminder email being sent in case the initial one was not received or not opened. If you would like to review the development ticket about this you can review here: https://productsupport.adaptavist.com/browse/SRJIRA-2832