539 matches found
Allow issue security level to use any custom field that implements UserCFNotificationTypeAware
It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you had a security level that was only the reporter and the assignee, if the issue needs to get reassigned the issue could still be seen by the original assignee. The JIRA...
Cross site scripting
Cross-site scripting XSS vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field...
You are able to delete a Custom Field that is referenced in Permission settings.
If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...
You are able to delete a Custom Field that is referenced in Permission settings.
If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...
You are able to delete a Custom Field that is referenced in Permission settings.
If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
user value of JiraAuthenticationContext not set is SOAP service getIssue()
Call to JiraAuthenticationContext.setUser missing during getIssue SOAP service call. Service call will fail silently if there are custom fields with explicit secutity checking for attributes derived from current user. In my case I try to verify existance of an issue using getIssue SOAP service...
Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...
Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...
Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...
Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date
emphasized textSimilar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce...
Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date
Similar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce performance...
Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date
emphasized textSimilar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce...
Deleting a custom field which has an issue security scheme or permission scheme on it causes system error
A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...
Deleting a custom field which has an issue security scheme or permission scheme on it causes system error
A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...
Deleting a custom field which has an issue security scheme or permission scheme on it causes system error
A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...
Security update 1970-01-01
...