Hello dear community,
We're trying to create a security policy regarding the installation of plugins from the Marketplace on a Jira on-premise server.
1. Can someone confirm my assumption that plugins run within the JVM on the server?
2. What about updates: can any author issue an update to their plugin and it will auto-update on my server? Or is it an elective process?
3. Does anyone know of any malicious plugin incidents?
4. Does anyone know if plugins were ever used as an attack vector?
Thanks in advance, community!
Very interesting question @Yaniv K
As far as I know
1 - Yes, they run inside the JVM on the server
2 - You have to choose to upgrade the plugin
3 - The plugins go through an evaluation from Atlassian. It could happen, but I think that hasn't happened.
4 - You have to understand that some base functionalities are provided by plugins made by Atlassian. I can remember that it happened on Confluence, but I'm sure it can happen on Jira.