None known in the latest version. It does expose JQL functions to non-admins, and some time ago there was a ReDoS vulnerability in a JQL function that was fixed.
So vulns do happen, as they do in JIRA itself.
If you're worried you might be DoSed or something, then it's probably easier to DoS someone using the provided JQL functions in SR than the native ones.
I'd also point out that when security issues have cropped up, Jamie fixed them *really* quickly.
Not directly, it doesn't expose anything to non-admins. Unless your admins write something that does.