It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Scriptrunner vulnerability email

RVal May 30, 2018

Today I received suspicious email talking about critical vulnerability of ScriptRunner for JIRA and providing bunch of links to learn more about it and see how to patch the affected version.

As it looked suspicious to me I did not click on the links but instead tried to google any news about ScriptRunner vulnerabilities and checked Adaptavist web site. I did not find any information supporting claims in the email I received so looks like it was a malicious email and I was right not to trust it.

Let me know if I am wrong and there is indeed some vulnerabilities in Scriptrunner that need to be patched. But if there is none just be careful of the emails like this being distributed  to JIRA users.

1 comment

Thomas Schlegel Community Leader May 30, 2018

@RVal, there are critical security fixes for Scriptrunner in the Atlassian Marketplace:

https://marketplace.atlassian.com/apps/6820/scriptrunner-for-jira/version-history

Nic Brough [Adaptavist] Community Leader May 30, 2018

It's definitely not malicious, there is a vulnerability.

The team has concentrated on fixing, patching and getting updates out to people who may be affected.  I'm expecting a wider announcement and some more detail soon.

RVal May 30, 2018

@Thomas SchlegelThank you for letting me know. I can see that Critical Security fix for JIRA 7.0 - 7.9.2 was delivered in version 5.3.26 released on 5/1/2018. That is probably why I did not find any recent news about it. I'm not sure why it took Adaptavist a month to send this warning email then.

Katy Kelly May 31, 2018

Hi @RVal,

We sent out an initial email May 1st. This email is a reminder email being sent in case the initial one was not received or not opened. If you would like to review the development ticket about this you can review here: https://productsupport.adaptavist.com/browse/SRJIRA-2832

Regards,

Katy

Comment

Log in or Sign up to comment
Community showcase
Published in Next-gen

Introducing subtasks for breaking down work in next-gen projects

Teams break work down in order to help simplify complex tasks. This is often done iteratively, with tasks being broken down into smaller tasks and so on until the work is accurately captured in well-...

12,540 views 61 59
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you