Hello dear community,
We're trying to create a security policy regarding the installation of plugins from the marketplace on jira on-premise server.
1. Can someone confirm my assumtion that plugins run within the jvm on the server?
2. What about updates, can any author issue an update to their plugin and it will auto update on my server? or is it an elective process?
3. Does anyone knows if any malicious plugin incidents?
4. Does anyone knows if plugins where ever used as an attack vector?
Thanks in advance, community!
Very interesting question @Yaniv K
As far as I know
1 - Yes, they run inside the JVM on the server
2 - You have to chose to upgrade the plugin
3 - the plugins go throw an evaluation from Atlassian. it could happen but i think that hadn't happen.
4 - You have to understand that some base functionalities are provided by plugins, made from Atlassian. I can remember that it happened on Confluence, but I'm sure it can happen on Jira.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events