scriptrunner security on public site

I'm planning to install script runner on a public JIRA site. Is there any security issues I should be concerned about?

2 answers

5 votes

None known in the latest version. It does expose JQL functions to non-admins, and some time ago there was a ReDOS vulnerability in a jql function that was fixed.

So vulns do happen, as they do in JIRA itself.

If you're worried you might be DoSed or something, then it's probably easier to DoS someone using the provided JQL functions in SR than the native ones.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I'd also point out that when security issues have cropped up, Jamie fixed them *really* quickly.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

2 votes

Not directly, it doesn't expose anything to non-admins. Unless your admins write something that does.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Products

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

scriptrunner security on public site

2 answers

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events

Ask a question

Products

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

scriptrunner security on public site

2 answers

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events