- Upgraded AWS infrastructure from Amazon Linux to Amazon Linux 2
- Improved Security in Team Secrets to prevent Cross Site Scripting (Stored XSS)
- Addressed an issue where users were occasionally unable to modify secrets following a change or edit to their username
- Updated the authentication method used while making requests to Jira Service Management Rest APIs
- Updated dependencies to improve security
Version history
CloudJira Cloud2023-12-11Security improvements (Cross Site Scripting, dependencies) & Linux upgrade 6.1.0-P2Jira Data Center 8.13.1 - 9.8.02023-12-11Security improvements (Cross Site Scripting, dependencies) & Linux upgrade Version 6.1.0-P2 • Released 2023-12-11 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Upgraded AWS infrastructure from Amazon Linux to Amazon Linux 2
- Improved Security in Team Secrets to prevent Cross Site Scripting (Stored XSS)
- Addressed an issue where users were occasionally unable to modify secrets following a change or edit to their username
- Updated the authentication method used while making requests to Jira Service Management Rest APIs
- Updated dependencies to improve security
6.0.0-P2Jira Data Center 8.13.1 - 9.8.02023-06-01New edit secret functionality & bug fixes Version 6.0.0-P2 • Released 2023-06-01 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Users can now edit secrets:
- Add/Remove files
- Change secure field title & text
- Change custom field text
- Enable/disable SMS 2FA requirement
- Change who a secret is shared with
- Change the expiration date
- To maintain the highest levels of security, a secret can only be edited by its creator after authenticating fully.
- For existing customers, an administrator must manually enable Edit Secrets.
- For new installations, Edit Secrets will be active by default. (Configurable)
- Edit Secrets is not available for Service Desk Agent-Customer secrets.
- Bug fixes:
- Missing UI components when going backwards through a workflow
- Inability to post a secret when the recipient list is set to "everyone" with empty expiration date or no files selected after clicking "Post Secret".
- [Only applies to Service Desk] Agent cannot view secure text shared by customer if email visibility is turned off. ("User email visibility" is a built-in Jira configuration option found in System Info → General Configuration → Options)
- Users can now edit secrets:
5.0.0-P2Jira Data Center 8.13.1 - 9.3.12022-11-03Secure Text support in Jira Service Management Portal & bug fixes Version 5.0.0-P2 • Released 2022-11-03 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Added Secure Text feature for Jira Service Management portal so users and agents can securely share text based information. (Previously, only files attachments were supported)
- Added support for extensive customization of the Team Secrets portal functionality via the Admin Panel
- Admins can control if portal users are allowed to encrypt files, secure text, or both.
- Admins can customize the text of prompts shown to portal users to request specific encrypted information be attached (example: credit card #, account #, SSN)
- Admins can adjust these portal setting on a project-by-project basis
- Fixed minor UI rendering bugs and improved maintainability of the product
4.1.0-P2Jira Data Center 8.13.1 - 8.22.62022-07-18Bug fixes for UI Issues Version 4.1.0-P2 • Released 2022-07-18 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Fix for unexpected flashing behavior when rendering Service Management UI
- Fix for unexpected Team Secrets pop up when navigating to other tickets
- Fix for user/group sharing target selection - removed unexpected case sensitivity
4.0.0-P2Jira Data Center 8.13.1 - 8.22.62022-05-20Security improvements Version 4.0.0-P2 • Released 2022-05-20 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialWith this release, we’ve made changes to the backend and addon to enhance the security of Team Secrets for Data Center.
3.2.0-P2Jira Data Center 8.13.1 - 8.22.62022-02-02Addresses workflow in Service Mangement user portal Version 3.2.0-P2 • Released 2022-02-02 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Service management user portal for Data Center now flows into Team Secrets when a ticket is created, as Atlassian no longer supports a checkbox to acknowledge. Users may skip out by clicking Cancel.
3.0.0-P2Jira Data Center 8.13.1 - 8.21.12021-09-09Two UI/UX updates Version 3.0.0-P2 • Released 2021-09-09 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Loading icon on Team Secrets panels has been fixed so that it continues to show until all items have loaded in all cases
- UI improvement made so users can simply press Enter after inputting a passphrase
- Simultaneous Jira Cloud release expands our supported product catalog with Jira Service Management Cloud.
Please note: We've updated our privacy policy. Notably, we've removed references to the EU-US Privacy Shield since the European Union Court of Justice has invalidated it. https://www.teamsecrets.io/privacy
3.0.0-P2Jira Server 8.13.1 - 8.21.12021-09-09Two UI/UX updates Version 3.0.0-P2 • Released 2021-09-09 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Loading icon on Team Secrets panels has been fixed so that it continues to show until all items have loaded in all cases
- UI improvement made so users can simply press Enter after inputting a passphrase
- Simultaneous Jira Cloud release expands our supported product catalog with Jira Service Management Cloud.
Please note: We've updated our privacy policy. Notably, we've removed references to the EU-US Privacy Shield since the European Union Court of Justice has invalidated it. https://www.teamsecrets.io/privacy
2.1.0-P2Jira Data Center 8.13.1 - 8.16.12020-10-08Improved SMS debugging | Security updates Version 2.1.0-P2 • Released 2020-10-08 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Improvements which will allow us to better debug any 2FA SMS issues.
- Library version updates for improved security & stability
- UI updated to correctly reflect permissions: Post Secret button will be enabled only for users with edit issue permissions.
2.1.0-P2Jira Server 8.13.1 - 8.13.62020-10-08Improved SMS debugging | Security updates Version 2.1.0-P2 • Released 2020-10-08 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Improvements which will allow us to better debug any 2FA SMS issues.
- Library version updates for improved security & stability
- UI updated to correctly reflect permissions: Post Secret button will be enabled only for users with edit issue permissions.
2.0.1-P2Jira Data Center 8.8.1 - 8.11.12020-06-10Improved security for Service Desk secrets & UI bug fix Version 2.0.1-P2 • Released 2020-06-10 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- We've improved the security of Service Desk (Agent & User) secrets when email addresses are changed.
- An intermittent UI issue previously caused the secrets panel on tickets to require vertical scrolling. This has been fixed.
2.0.1-P2Jira Server 8.8.1 - 8.11.12020-06-10Improved security for Service Desk secrets & UI bug fix Version 2.0.1-P2 • Released 2020-06-10 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- We've improved the security of Service Desk (Agent & User) secrets when email addresses are changed.
- An intermittent UI issue previously caused the secrets panel on tickets to require vertical scrolling. This has been fixed.
2.0.0-P2Jira Data Center 8.8.0 - 8.8.12020-03-31Service desk agent teams and user file sharing with 2FA Version 2.0.0-P2 • Released 2020-03-31 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- New service desk support for encrypted file sharing between teams of agents and external users
- Email based 2FA required to verify agents and users and decrypt secrets (Service Desk only)
- All preexisting Team Secrets features and options for files and fields shared between internal teams on Jira Server including Service Desk continue to work the same
2.0.0-P2Jira Server 8.8.0 - 8.8.12020-03-31Service desk agent teams and user file sharing with 2FA Version 2.0.0-P2 • Released 2020-03-31 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- New service desk support for encrypted file sharing between teams of agents and external users
- Email based 2FA required to verify agents and users and decrypt secrets (Service Desk only)
- All preexisting Team Secrets features and options for files and fields shared between internal teams on Jira Server including Service Desk continue to work the same
1.6.2-P2Jira Data Center 7.4.0 - 8.7.12019-10-22Configure forced authentication mechanism Version 1.6.2-P2 • Released 2019-10-22 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialA new Jira admin panel configuration option allows you to set a default authentication mechanism as the default for all new secrets created. Now, admins can configure secrets to be created specifically using system generated passphrases or custom passphrases as a mandate. This is valuable when admins need to promote tight security with strict default values.
1.6.2-P2Jira Server 7.4.0 - 8.7.12019-10-22Configure forced authentication mechanism Version 1.6.2-P2 • Released 2019-10-22 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialA new Jira admin panel configuration option allows you to set a default authentication mechanism as the default for all new secrets created. Now, admins can configure secrets to be created specifically using system generated passphrases or custom passphrases as a mandate. This is valuable when admins need to promote tight security with strict default values.
1.6.1-P2Jira Data Center 7.4.0 - 8.5.142019-07-19Show secrets only on selected projects. | Configure forced expiration periods. Version 1.6.1-P2 • Released 2019-07-19 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Selected Projects Only
Team Secrets functionality can now be turned on for only select projects. In the Jira admin panel you can select the exact projects needed. The TS Panel, Custom Fields, and Audit Logs will only be shown for enabled projects. This is valuable for organizations who want to steam-line their Jira tickets for projects (with no need for secrets) or for admins wanting to disable adding secrets on some projects due to lack of suitability.
- Forced Expiration
A new Jira admin panel configuration option allows you to set a default expiration date as the default for all new secrets created. A second options allows requiring users to set an expiration date value on new secrets, preventing the creation of non-expiring secrets. This is valuable when admins need to promote tight security with strict default values. Going further, the option to require an expiration be set arms organizations with the ability to enforce an end-of-life on all data users save as secrets.
1.6.1-P2Jira Server 7.4.0 - 8.5.142019-07-19Show secrets only on selected projects. | Configure forced expiration periods. Version 1.6.1-P2 • Released 2019-07-19 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Selected Projects Only
Team Secrets functionality can now be turned on for only select projects. In the Jira admin panel you can select the exact projects needed. The TS Panel, Custom Fields, and Audit Logs will only be shown for enabled projects. This is valuable for organizations who want to steam-line their Jira tickets for projects (with no need for secrets) or for admins wanting to disable adding secrets on some projects due to lack of suitability.
- Forced Expiration
A new Jira admin panel configuration option allows you to set a default expiration date as the default for all new secrets created. A second options allows requiring users to set an expiration date value on new secrets, preventing the creation of non-expiring secrets. This is valuable when admins need to promote tight security with strict default values. Going further, the option to require an expiration be set arms organizations with the ability to enforce an end-of-life on all data users save as secrets.
1.6.0-P2Jira Data Center 7.4.0 - 8.2.62019-06-25Default settings for secret expiration Version 1.6.0-P2 • Released 2019-06-25 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Jira admins can configure default value for secret expiration which can be overridden while posting secrets.
- Minor bug fixes.
1.6.0-P2Jira Server 7.4.0 - 8.2.62019-06-25Default settings for secret expiration Version 1.6.0-P2 • Released 2019-06-25 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Jira admins can configure default value for secret expiration which can be overridden while posting secrets.
- Minor bug fixes.
1.5.1-P2Jira Data Center 7.4.0 - 8.2.12019-03-13Support for Jira version 8 Version 1.5.1-P2 • Released 2019-03-13 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialSupport for Jira version 8
1.5.1-P2Jira Server 7.4.0 - 8.2.12019-03-13Support for Jira version 8 Version 1.5.1-P2 • Released 2019-03-13 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialSupport for Jira version 8
1.5.0-P2Jira Data Center 7.4.0 - 7.13.182019-01-25Support for Jira Data Center Version 1.5.0-P2 • Released 2019-01-25 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialExtending the add-on to be compatible with Jira Data Center setups.
1.5.0-P2Jira Server 7.4.0 - 7.13.182019-01-25Support for Jira Data Center Version 1.5.0-P2 • Released 2019-01-25 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialExtending the add-on to be compatible for Jira Data Center setups.
1.4.0-P2Jira Server 7.4.0 - 7.13.182019-01-08Audit trail for creation/deletion/access of encrypted files, text and fields Version 1.4.0-P2 • Released 2019-01-08 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialJira users can view the audit trail of Secrets created, deleted or accessed (successful and unsuccessful attempts) from within Jira's activity section.
1.3.2-P2Jira Server 7.2.6 - 7.13.182018-11-29Added custom field type for encrypted text Version 1.3.2-P2 • Released 2018-11-29 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialJira admins can now add to any issue type a custom field whose value is encrypted text protected by multi-factor authentication
1.3.1-P2Jira Data Center 7.2.6 - 7.12.32019-01-24Added custom field type for encrypted text Version 1.3.1-P2 • Released 2019-01-24 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialJira admins can now add to any issue type a custom field whose value is encrypted text protected by multi-factor authentication
1.2.8-P2Jira Server 7.2.6 - 7.12.32018-10-12Limit secret access to Jira groups Version 1.2.8-P2 • Released 2018-10-12 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Secret creators now have the ability to limit access to Jira groups, in addition to individuals, or an entire project
- The list of individuals and groups should auto-complete
1.2.7-P2Jira Server 7.2.6 - 7.12.32018-09-10Allow users to choose custom passphrases Version 1.2.7-P2 • Released 2018-09-10 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Secret creators can choose a custom passphrase instead of the generated passphrase
- The UX will guide the user toward creating a string password of at least 10 characters
1.2.6-P2Jira Server 7.2.6 - 7.11.22018-08-03Limit secret access and username visibility to people with project access Version 1.2.6-P2 • Released 2018-08-03 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Secret creation states more clearly that access is limited to users with access to the project.
- Secret creators will only be able to see users with access to the project where the secret is created - usernames from other projects are not accidentally exposed to users (who might also be customers) who shouldn't see them.
- If you need assistance, please contact us at https://www.teamsecrets.io/support
1.2.5-P2Jira Server 7.2.6 - 7.11.22018-07-13Choose an IAM user from your own account to access custom S3 buckets Version 1.2.5-P2 • Released 2018-07-13 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Team Secrets for Jira lets you choose an IAM user from your own account to access custom S3 buckets so that secrets are never touched by Team Secrets users or resources.
- For a step-by-step guide on configuring a custom S3 bucket, please see: https://www.teamsecrets.io/jira-custom-s3-buckets
- If you need assistance, please contact us at https://www.teamsecrets.io/support
1.2.4-P2Jira Server 7.2.6 - 7.11.22018-07-12Choose an IAM user from your own account to access custom S3 buckets Version 1.2.4-P2 • Released 2018-07-12 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Team Secrets for Jira lets you choose an IAM user from your own account to access custom S3 buckets so that secrets are never touched by Team Secrets users or resources.
- For a step-by-step guide on configuring a custom S3 bucket, please see: https://www.teamsecrets.io/jira-custom-s3-buckets
- If you need assistance, please contact us at https://www.teamsecrets.io/support
1.2.3-P2Jira Server 7.2.6 - 7.10.22018-04-24Fixed issues identified in a recent penetration test. Version 1.2.3-P2 • Released 2018-04-24 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialFixed issues identified in a recent penetration test to prevent possible information leakage and fingerprinting attacks.
1.2.2-P2Jira Server 7.2.6 - 7.9.22018-04-20Fixed issues identified in a recent penetration test. Version 1.2.2-P2 • Released 2018-04-20 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • CommercialFixed issues identified in a recent penetration test to prevent possible information leakage and fingerprinting attacks.
1.2.1-P2Jira Server 7.2.6 - 7.9.22018-01-18Added ability to use custom S3 buckets for secret storage. Version 1.2.1-P2 • Released 2018-01-18 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Team Secrets for Jira lets you to store encrypted secrets in an AWS S3 bucket of your choosing.
- For a step-by-step guide on configuring a custom S3 bucket, please see: https://www.teamsecrets.io/jira-custom-s3-buckets
- Added support for proxy servers.
- If you need assistance, please contact us at https://www.teamsecrets.io/support
1.2.0-P2Jira Server 7.2.6 - 7.6.172017-12-22Added ability to use custom S3 buckets for secret storage Version 1.2.0-P2 • Released 2017-12-22 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Team Secrets for Jira lets you to store encrypted secrets in an AWS S3 bucket of your choosing.
- For a step-by-step guide on configuring a custom S3 bucket, please see: https://www.teamsecrets.io/jira-custom-s3-buckets
- If you need assistance, please contact us at https://www.teamsecrets.io/support
1.1.0-P2Jira Server 7.2.6 - 7.6.172017-08-28Added Secure Fields - encrypt sensitive text and choose who can decrypt Version 1.1.0-P2 • Released 2017-08-28 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Add a Secure Field that includes text up to 10000 characters and a custom title
- Save and Encrypt any text and specify who can view
- Verify recipients with 2 factor authentication and/or secure passphrases
- View Secure Fields along side other Team Secrets files
1.0.1-P2Jira Server 7.2.6 - 7.3.92017-06-14Delete secrets, improvements to secret creation and verification, UI fixes Version 1.0.1-P2 • Released 2017-06-14 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Secret creators can delete a Team Secret, cancel files during encryption, and remove recipients before posting
- Secret viewers can request passphrase on failed verification or notify sender on failed mobile number verification
- Secret viewers can select individual files to download and decrypt
- Secret creators can choose from a list of phone numbers for a viewer
- Expired Team Secrets are now labelled correctly
- Some minor UI bug fixes and improvements
1.0.0-P2Jira Server 7.2.6 - 7.3.92017-05-17Initial release Version 1.0.0-P2 • Released 2017-05-17 • Supported By Kickdrum Technology Group LLC • Paid via Atlassian • Commercial- Support for Jira Cloud
- Support for Jira Server/Data Center
- End-to-end encryption for file attachments
- Verify recipients with mobile phone numbers
- Verify recipients with secure, generated passphrases
- Set expiration dates for secrets