- Version 2.0 • Released 2016-06-06 • No Vendor Support • Free • Commercial - no charge
So far the add-on contained a fixed set of whitelist entries. There are cases related to login (Single-Sign-On aka SSO) where this behavior prevented the use of this add-on.
With this 2.0 release two menu entries were added to the add-on section of the admin menu to:
- Add, view and remove whitelist entries (a regexp for an URL)
- View rejected requests. It is also possible to add the URL verbatim as a whitelist entry with a click
A word of caution is in order here: While it may be convenient to whitelist all rejected URLs you should only allow the URLs which are required for login, captcha and password reset. The attack surface should be as minimal as possible.
- Version 1.7 • Released 2016-01-05 • Supported By codecentric AG • Free • Commercial - no charge
ScriptRunner for Jira tries to access some REST resource at the login screen and does not fail gracefully when the request is declined. Result is a complete hang of the login form. This is fixed with a white list of the rest resource.