are you awaking with this bug?
When you are not logged in, you can see the managed filters! Is it a bug???
However all the filters are empty.
Have a look:
2 cents: Shouldn't be "shared with anyone" instead of "shared with all users" ? I think this is a little confusing; that sharing should be really split in two, one to allow anonymous access and the other one to allow all logged in users (so: "Shared with all users" and "Shared with anyone").
There's a security problem here, some users may leak information to the outside world without knowing it. Just an opinion.
I think the language could be improved - it feels like it was written by an experienced Jira admin, who is fully aware that enabling "anonymous" access implies that "anyone" is a "user".
But replacing "shared with all users" with "shared with anyone" is wrong. You don't *know* that anonymous can see stuff when you use that screen.
There is no security problem, as long as your admins are fully aware of how "anyone/anonymous" works and exposes lots of information (potentially)
But I do think all the wording is unhelpful.
I agree. Filter names can have sensitive data. If it is shared with all users, it should be visible only to logged in users. If shared with anyone, it should be visible to anonymous users.
But at the moment, JIRA has only one option to share with "Everyone". Fix should start there.
Atlassian released a security advisory on 3/20/2019. The full advisory is here: https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html In a nutshe...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs