Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,560,068
Community Members
 
Community Events
185
Community Groups

Scriptrunner vulnerability email

RVal
RVal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 30, 2018

Today I received suspicious email talking about critical vulnerability of ScriptRunner for JIRA and providing bunch of links to learn more about it and see how to patch the affected version.

As it looked suspicious to me I did not click on the links but instead tried to google any news about ScriptRunner vulnerabilities and checked Adaptavist web site. I did not find any information supporting claims in the email I received so looks like it was a malicious email and I was right not to trust it.

Let me know if I am wrong and there is indeed some vulnerabilities in Scriptrunner that need to be patched. But if there is none just be careful of the emails like this being distributed  to JIRA users.

Comment
Watch
Like Stibally Guardado likes this
1487 views

1 comment

Thomas Schlegel
Thomas Schlegel
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 30, 2018

@RVal, there are critical security fixes for Scriptrunner in the Atlassian Marketplace:

https://marketplace.atlassian.com/apps/6820/scriptrunner-for-jira/version-history

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 30, 2018

It's definitely not malicious, there is a vulnerability.

The team has concentrated on fixing, patching and getting updates out to people who may be affected.  I'm expecting a wider announcement and some more detail soon.

Like
RVal
RVal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 30, 2018

@Thomas SchlegelThank you for letting me know. I can see that Critical Security fix for JIRA 7.0 - 7.9.2 was delivered in version 5.3.26 released on 5/1/2018. That is probably why I did not find any recent news about it. I'm not sure why it took Adaptavist a month to send this warning email then.

Like
Katy Kelly
Katy Kelly
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 31, 2018

Hi @RVal,

We sent out an initial email May 1st. This email is a reminder email being sent in case the initial one was not received or not opened. If you would like to review the development ticket about this you can review here: https://productsupport.adaptavist.com/browse/SRJIRA-2832

Regards,

Katy

Like
Reply

Comment

Log in or Sign up to comment
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

See all events