None known in the latest version. It does expose JQL functions to non-admins, and some time ago there was a ReDOS vulnerability in a jql function that was fixed.
So vulns do happen, as they do in JIRA itself.
If you're worried you might be DoSed or something, then it's probably easier to DoS someone using the provided JQL functions in SR than the native ones.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs