- Added an option to allow Basic Authentication on all endpoints/ paths; read more about it here
- Optimised app configuration processing for performance
Version history
2.5.0 • Jira Data Center 8.5.0 - 9.11.1 • 2023-09-25 • New Feature & Improvements
Version 2.5.0 • Released 2023-09-25 • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
2.5.0 • Jira Server 8.5.0 - 9.11.1 • 2023-09-25 • New Feature & Improvements
- Added an option to allow Basic Authentication on all endpoints/ paths; read more about it here
- Optimised app configuration processing for performance
2.4.1 • Jira Data Center 8.5.0 - 9.11.1 • 2023-09-12 • Bugfix Release
Fixed a bug preventing a successful Bearer Authentication with other authenticators even if they were still allowed.
2.4.1 • Jira Server 8.5.0 - 9.11.1 • 2023-09-12 • Bugfix Release
Fixed a bug preventing a successful Bearer Authentication with other authenticators even if they were still allowed.
2.4.0 • Jira Data Center 8.5.0 - 9.11.1 • 2023-09-07 • New Feature & Improvements
Please refer to the release notes for more details.
2.4.0 • Jira Server 8.5.0 - 9.11.1 • 2023-09-07 • New Feature & Improvements
Please refer to the release notes for more details.
2.3.1 • Jira Data Center 8.5.0 - 9.11.1 • 2023-08-14 • 3rd-Party Library Updates
Updated OkHttp and Okio libraries
2.3.1 • Jira Server 8.5.0 - 9.11.1 • 2023-08-14 • 3rd-Party Library Updates
Updated OkHttp and Okio libraries
2.3.0 • Jira Data Center 8.5.0 - 9.10.2 • 2023-07-17 • New Feature
Added configuration option to limit the number of maximum active tokens a user can have at a time. Read more about it in our documentation.
2.3.0 • Jira Server 8.5.0 - 9.10.2 • 2023-07-17 • New Feature
Added configuration option to limit the number of maximum active tokens a user can have at a time. Read more about it in our documentation.
2.2.4 • Jira Server 8.5.0 - 9.9.2 • 2023-02-27 • Bugfix Release
Added log file entry in case Bearer Authentication with a token fails. Please be aware that these failures are currently not audit-logged. We'll add this soon in an upcoming release.
2.2.4 • Jira Data Center 8.5.0 - 9.9.2 • 2023-02-27 • Bugfix Release
Added log file entry in case Bearer Authentication with a token fails. Please be aware that these failures are currently not audit-logged. We'll add this soon in an upcoming release.
2.2.3 • Jira Server 8.5.0 - 9.6.0 • 2023-02-14 • Bugfix Release
Fixed a bug affecting the log file entries for tokens deleted on behalf of another user. The records mentioned the wrong user key. The audit log was not affected by that bug.
2.2.3 • Jira Data Center 8.5.0 - 9.6.0 • 2023-02-14 • Bugfix Release
Fixed a bug affecting the log file entries for tokens deleted on behalf of another user. The records mentioned the wrong user key. The audit log was not affected by that bug.
2.2.2 • Jira Server 8.5.0 - 9.6.0 • 2022-12-12 • Internal Library Updates
Updated internal libraries to be compatible with the latest Jira releases
2.2.2 • Jira Data Center 8.5.0 - 9.6.0 • 2022-12-12 • Internal Library Updates
Updated internal libraries to be compatible with the latest Jira releases
2.2.1 • Jira Server 8.5.0 - 9.4.10 • 2022-11-14 • New Feature & Improvement Release
New Feature
- accept authentication with API tokens on selected cluster nodes only, read more about it here
Improvement
- returning the id of a token in the create-token REST response
  - the id is required to delete tokens via REST API
2.2.1 • Jira Data Center 8.5.0 - 9.4.10 • 2022-11-14 • New Feature & Improvement Release
New Feature
- accept authentication with API tokens on selected cluster nodes only, read more about it here
Improvement
- returning the id of a token in the create-token REST response
  - the id is required to delete tokens via REST API
2.1.0 • Jira Server 8.5.0 - 9.3.1 • 2022-09-19 • New Features & UX/ UI Improvements, Minor Bugfixes
New Features
- individual IP address restrictions for API tokens
  - in addition to IP address restrictions that the admin might have defined already, users can assign these on a per token basis
- (HTTP) header/ value access rules for API tokens
- read more about it in our documentation
Changes
- UX/ UI improvements to accommodate new features
Bugfixes
- fixed a bug where users creating a token for themselves got an error that providing an OpenPGP public key is required
  - that only happened when admins enabled mandatory OpenPGP encryption for tokens created on behalf
- fixed a malformed response of the Jira session auth endpoint when it hit the token rate limit
2.1.0 • Jira Data Center 8.5.0 - 9.3.1 • 2022-09-19 • New Features & UX/ UI Improvements, Minor Bugfixes
New Features
- individual IP address restrictions for API tokens
  - in addition to IP address restrictions that the admin might have defined already, users can assign these on a per token basis
- (HTTP) header/ value access rules for API tokens
- read more about it in our documentation
Changes
- UX/ UI improvements to accommodate new features
Bugfixes
- fixed a bug where users creating a token for themselves got an error that providing an OpenPGP public key is required
  - that only happened when admins enabled mandatory OpenPGP encryption for tokens created on behalf
- fixed a malformed response of the Jira session auth endpoint when it hit the token rate limit
2.0.5 • Jira Server 8.5.0 - 9.2.1 • 2022-08-31 • 3rd party and internal library updates
No release notes.
2.0.5 • Jira Data Center 8.5.0 - 9.2.1 • 2022-08-31 • 3rd party and internal library updates
No release notes.
2.0.3 • Jira Server 8.5.0 - 9.1.1 • 2022-06-14 • Security Hardening
- further hardening against username enumeration
  - in addition to the changes in version 2.0.2, the error message in a 401 response is now identical to the one Atlassian sends: "Basic Authentication Failure - Reason : AUTHENTICATED_FAILED"
2.0.3 • Jira Data Center 8.5.0 - 9.1.1 • 2022-06-14 • Security Hardening
- further hardening against username enumeration
  - in addition to the changes in version 2.0.2, the error message in a 401 response is now identical to the one Atlassian sends: "Basic Authentication Failure - Reason : AUTHENTICATED_FAILED"
2.0.2 • Jira Server 8.5.0 - 8.22.6 • 2022-06-07 • Bugfix & Security Hardening
- fixed a bug that caused UI not to load if the user logged in has no e-mail address set
- hardened app against username enumeration
  - removed mentions of usernames in responses that led to 401 - Unauthenticated
  - for troubleshooting purposes, admins can still look up details of authentication failures in the log files
- Updated internal and 3rd party libraries
2.0.2 • Jira Data Center 8.5.0 - 8.22.6 • 2022-06-07 • Bugfix & Security Hardening
- fixed a bug that caused UI not to load if the user logged in has no e-mail address set
- hardened app against username enumeration
  - removed mentions of usernames in responses that led to 401 - Unauthenticated
  - for troubleshooting purposes, admins can still look up details of authentication failures in the log files
- Updated internal and 3rd party libraries
2.0.1 • Jira Server 8.5.0 - 8.22.6 • 2022-05-16 • Library Updates/ UI Text Changes
- Updated internal and 3rd party libraries
- Improved text/ wording of a few element descriptions in the UI
2.0.1 • Jira Data Center 8.5.0 - 8.22.6 • 2022-05-16 • Library Updates/ UI Text Changes
- Updated internal and 3rd party libraries
- Improved text/ wording of a few element descriptions in the UI
2.0.0 • Jira Server 8.5.0 - 8.22.6 • 2022-04-28 • New Features & Improvements
New Features
- Audit logging of configuration changes
- OpenPGP Encryption for tokens created on behalf
- Tags/ Notes for IP address restrictions
Changes
- Users who can't create their own tokens but can use tokens can now see a list of their tokens, i.e. to see expiration dates or other details
- The list of tokens now shows an expiration warning if a token expires within the next 14 days
- Changed texts in the permission settings so that it's more clear what the on-behalf permission implies
2.0.0 • Jira Data Center 8.5.0 - 8.22.6 • 2022-04-28 • New Features & Improvements
New Features
- Audit logging of configuration changes
- OpenPGP Encryption for tokens created on behalf
- Tags/ Notes for IP address restrictions
Changes
- Users who can't create their own tokens but can use tokens can now see a list of their tokens, i.e. to see expiration dates or other details
- The list of tokens now shows an expiration warning if a token expires within the next 14 days
- Changed texts in the permission settings so that it's more clear what the on-behalf permission implies
1.9.5 • Jira Server 7.4.0 - 8.22.6 • 2022-02-22 • Compatibility Update Release
Added support for Jira 8.22 and Jira 9
1.9.5 • Jira Data Center 7.4.0 - 8.22.6 • 2022-02-22 • Compatibility Update Release
Added support for Jira 8.22 and Jira 9
1.9.4 • Jira Server 7.4.0 - 8.20.7 • 2022-02-08 • Improvement Release
Added logging of rate-limited requests. Read more about it here: https://wiki.resolution.de/doc/api-token-authentication/latest/admin-guide/logging#id-.Loggingv1.9.x-RateLimitedRequests
1.9.4 • Jira Data Center 7.4.0 - 8.20.7 • 2022-02-08 • Improvement Release
Added logging of rate-limited requests. Read more about it here: https://wiki.resolution.de/doc/api-token-authentication/latest/admin-guide/logging#id-.Loggingv1.9.x-RateLimitedRequests
1.9.3 • Jira Server 7.4.0 - 8.20.7 • 2022-02-03 • Improvements/ Enhancements
- now supporting API Token authentication for non-REST /sr/ search request endpoint
- changed a few wordings in description texts of the audit logging page
- changed text for the audit/ log entry "user tried to authenticate with an invalid token or regular password" to "user is authenticating with an invalid token, or with a regular password"
- added a warning so that admins are aware of the fact that tokens that have been created before rate-limiting was enabled won't be rate-limited
1.9.3 • Jira Data Center 7.4.0 - 8.20.7 • 2022-02-03 • Improvements/ Enhancements
- now supporting API Token authentication for non-REST /sr/ search request endpoint
- changed a few wordings in description texts of the audit logging page
- changed text for the audit/ log entry "user tried to authenticate with an invalid token or regular password" to "user is authenticating with an invalid token, or with a regular password"
- added a warning so that admins are aware of the fact that tokens that have been created before rate-limiting was enabled won't be rate-limited
1.9.2 • Jira Server 7.4.0 - 8.20.7 • 2022-01-27 • Bugfix For New Rate Limiting Feature
Since version 1.9.x the app offers functionality to apply rate limits to requests authenticated with API Tokens. Read more about rate-limiting here: https://wiki.resolution.de/go/ata/rate-limit-admin
This bugfix adds a missing database field annotation so that updating the app on instances with MS SQL databases works flawlessly.
If you already updated to 1.9.0/1 and use MS SQL, please contact us at https://www.resolution.de/go/support.
1.9.2 • Jira Data Center 7.4.0 - 8.20.7 • 2022-01-27 • Bugfix For New Rate Limiting Feature
Since version 1.9.x the app offers functionality to apply rate limits to requests authenticated with API Tokens. Read more about rate-limiting here: https://wiki.resolution.de/go/ata/rate-limit-admin
This bugfix adds a missing database field annotation so that updating the app on instances with MS SQL databases works flawlessly.
If you already updated to 1.9.0/1 and use MS SQL, please contact us at https://www.resolution.de/go/support
1.8.4 • Jira Server 7.4.0 - 8.20.7 • 2022-01-10 • Improvement & Bugfix Release
- extended audit logging so that failed authentication due to IP address restrictions is logged as well
  - until this version, this only happened when the app was configured to prevent Basic Authentication with regular passwords
- fixed a bug that caused a 401 response on certain REST endpoints when re-using an existing session that wasn't created with an API token
1.8.4 • Jira Data Center 7.4.0 - 8.20.7 • 2022-01-10 • Improvement & Bugfix Release
- extended audit logging so that failed authentication due to IP address restrictions is logged as well
  - until this version, this only happened when the app was configured to prevent Basic Authentication with regular passwords
- fixed a bug that caused a 401 response on certain REST endpoints when re-using an existing session that wasn't created with an API token
1.8.3 • Jira Server 7.4.0 - 8.20.7 • 2021-11-29 • Improvement Release
Now allowing authentication with API tokens on the /secure/attachment/ endpoint.
Before this version one had to use a session cookie to download attachments on this non-REST endpoint.
1.8.3 • Jira Data Center 7.4.0 - 8.20.7 • 2021-11-29 • Improvement Release
Now allowing authentication with API tokens on the /secure/attachment/ endpoint.
Before this version one had to use a session cookie to download attachments on this non-REST endpoint.
1.8.2 • Jira Server 7.4.0 - 8.20.7 • 2021-10-25 • Bugfix Release
- Fixed a bug in IP address verification that caused client requests to be rejected even though they were in a permitted range
- Hardened and upgraded the internal license checker library to prevent issues when applying a new Atlassian application license
1.8.2 • Jira Data Center 7.4.0 - 8.20.7 • 2021-10-25 • Bugfix Release
- Fixed a bug in IP address verification that caused client requests to be rejected even though they were in a permitted range
- Hardened and upgraded the internal license checker library to prevent issues when applying a new Atlassian application license
1.8.1 • Jira Server 7.4.0 - 8.20.7 • 2021-07-27 • New Feature & Improvements
- Added a REST token test endpoint for support- and troubleshooting purposes, read more about it in our documentation
- Adjusted checks for requests to non-REST endpoints and if basic authentication with regular passwords is disabled
  - before this change, requests with a Basic Auth header would fail and result in HTTP error 403, even if a valid session was present already
  - this caused problems when working with certain libraries such as https://github.com/pycontribs/jira
1.8.1 • Jira Data Center 7.4.0 - 8.20.7 • 2021-07-27 • New Feature & Improvements
- Added a REST token test endpoint for support- and troubleshooting purposes, read more about it in our documentation
- Adjusted checks for requests to non-REST endpoints and if basic authentication with regular passwords is disabled
  - before this change, requests with a Basic Auth header would fail and result in HTTP error 403, even if a valid session was present already
  - this caused problems when working with certain libraries such as https://github.com/pycontribs/jira
1.7.1 • Jira Server 7.4.0 - 8.18.2 • 2021-06-28 • REST API Improvement
REST API only: when creating a token on behalf, the user key provided in the payload is validated first. If it doesn't belong to a user, HTTP status 400 and a message are returned.
To get familiar with the app, please refer to our documentation: https://wiki.resolution.de/doc/api-token-authentication/latest
1.7.1 • Jira Data Center 7.4.0 - 8.18.2 • 2021-06-28 • REST API Improvement
REST API only: when creating a token on behalf, the user key provided in the payload is validated first. If it doesn't belong to a user, HTTP status 400 and a message are returned.
To get familiar with the app, please refer to our documentation: https://wiki.resolution.de/doc/api-token-authentication/latest
1.7.0 • Jira Server 7.4.0 - 8.17.1 • 2021-04-19 • New Feature
API tokens can now also be used as bearer tokens, read more about it in our documentation
1.7.0 • Jira Data Center 7.4.0 - 8.17.1 • 2021-04-19 • New Feature
API tokens can now also be used as bearer tokens, read more about it in our documentation
1.6.3 • Jira Server 7.4.0 - 8.16.1 • 2021-03-25 • Security Improvements/ New Feature
Security Improvement
- Immediately invalidate active sessions that have been created with API tokens and have expired or were deleted in the meantime (Previously the session remained active until the session timeout was reached)
New Feature
- Added option to disable Session Cookie Based Authentication
1.6.3 • Jira Data Center 7.4.0 - 8.16.1 • 2021-03-25 • Security Improvements/ New Feature
Security Improvement
- Immediately invalidate active sessions that have been created with API tokens and have expired or were deleted in the meantime (Previously the session remained active until the session timeout was reached)
New Feature
- Added option to disable Session Cookie Based Authentication
1.6.1 • Jira Server 7.4.0 - 8.16.1 • 2021-02-16 • Release To Extend Shared Code Base For Bitbucket Compatibility
This version has been created to offer our API Token solution also for Bitbucket.
In addition, admins of Jira 8.14 (or greater) can now also disable/ enable the Atlassian Personal Access Token app from within the API Token app's system wide configuration page.
1.6.1 • Jira Data Center 7.4.0 - 8.16.1 • 2021-02-16 • Release To Extend Shared Code Base For Bitbucket Compatibility
This version has been created to offer our API Token solution also for Bitbucket.
In addition, admins of Jira 8.14 (or greater) can now also disable/ enable the Atlassian Personal Access Token app from within the API Token app's system wide configuration page.
1.5.3 • Jira Server 7.4.0 - 8.15.1 • 2021-01-05 • Bugfix Release
When using the session endpoint in Jira (/rest/auth/1/session) for authentication with an API Token and with no previous failed login attempts, a 500 error was thrown. This has been fixed now. That endpoint is used by other 3rd party apps, i.e. the Bob Swift CLI for Jira.
1.5.3 • Jira Data Center 7.4.0 - 8.15.1 • 2021-01-05 • Bugfix Release
When using the session endpoint in Jira (/rest/auth/1/session) for authentication with an API Token and with no previous failed login attempts, a 500 error was thrown. This has been fixed now. That endpoint is used by other 3rd party apps, i.e. the Bob Swift CLI for Jira.
1.5.2 • Jira Server 7.4.0 - 8.14.1 • 2020-12-10 • Allowing API token authentication on all app endpoints
You can now use API Tokens not only on REST endpoints but on any /plugins/servlet/ endpoint. This way, almost every app which is using Basic Authentication should be supported.
1.5.2 • Jira Data Center 7.4.0 - 8.14.1 • 2020-12-10 • Allowing API token authentication on all app endpoints
You can now use API Tokens not only on REST endpoints but on any /plugins/servlet/ endpoint. This way, almost every app which is using Basic Authentication should be supported.
1.5.1 • Jira Server 7.4.0 - 8.14.1 • 2020-11-10 • CalDAV support for Confluence & Removed a misleading description from UI
- You can now also use API tokens for authentication with Confluence Team Calendars. Please be aware that you need to use tokens with Read & Write scope for that to work.
- We've also removed a misleading description on the permission page which suggested that there is a checkbox to grant everyone the "Create Token On Behalf Permission" permission.
1.5.1 • Jira Data Center 7.4.0 - 8.14.1 • 2020-11-10 • CalDAV support for Confluence & Removed a misleading description from UI
- You can now also use API tokens for authentication with Confluence Team Calendars. Please be aware that you need to use tokens with Read & Write scope for that to work.
- We've also removed a misleading description on the permission page which suggested that there is a checkbox to grant everyone the "Create Token On Behalf Permission" permission.
1.5.0 • Jira Server 7.4.0 - 8.13.6 • 2020-10-05 • New features: Token scopes, authentication log, and more
New Features:
- Token scoping: read/write and read-only scopes can be used to restrict which 3rd party connections and scripts can make changes to the Jira & Confluence database and which can only read data. Scopes are per token but Read-Write tokens can only be assigned by users with a specific permission or not restricted at all.
- Audit logging of authentication events for complete oversight of successful and unsuccessful 3rd party logins
REST only:
- Custom expiration dates for scripts and connections with a limited lifetime
- User key lookups by email in addition to the standard username argument
Improvements:
- New toggle box to prevent path traversal vulnerabilities in REST URLs, and other under-the-hood changes to make “Disable Basic Authentication with User Password” more secure
1.5.0 • Jira Data Center 7.4.0 - 8.13.6 • 2020-10-05 • New features: Token scopes, authentication log, and more
New Features:
- Token scoping: read/write and read-only scopes can be used to restrict which 3rd party connections and scripts can make changes to the Jira & Confluence database and which can only read data. Scopes are per token but Read-Write tokens can only be assigned by users with a specific permission or not restricted at all.
- Audit logging of authentication events for complete oversight of successful and unsuccessful 3rd party logins
REST only:
- Custom expiration dates for scripts and connections with a limited lifetime
- User key lookups by email in addition to the standard username argument
Improvements:
- New toggle box to prevent path traversal vulnerabilities in REST URLs, and other under-the-hood changes to make “Disable Basic Authentication with User Password” more secure
1.4.2 • Jira Server 7.4.0 - 8.12.3 • 2020-08-25 • Bugfix Release
Fixed a bug where REST request headers containing a client IP address with a port number caused a null pointer exception. The exception was only thrown with one or more IP restrictions applied.
1.4.2 • Jira Data Center 7.4.0 - 8.12.3 • 2020-08-25 • Bugfix Release
Fixed a bug where REST request headers containing a client IP address with a port number caused a null pointer exception. The exception was only thrown with one or more IP restrictions applied.
1.4.1 • Jira Server 7.4.0 - 8.11.1 • 2020-07-09 • Security Hotfix
Fixed a security vulnerability; please read here for more details: https://wiki.resolution.de/doc/api-token-authentication/latest/security-advisories/2020-07-09-sql-injection-vulnerability
1.4.1 • Jira Data Center 7.4.0 - 8.11.1 • 2020-07-09 • Security Hotfix
Fixed a security vulnerability; please read here for more details: https://wiki.resolution.de/doc/api-token-authentication/latest/security-advisories/2020-07-09-sql-injection-vulnerability
1.3.2 • Jira Server 7.4.0 - 8.10.1 • 2020-07-09 • Security Hotfix
Fixed a security vulnerability; please read here for more details: https://wiki.resolution.de/doc/api-token-authentication/latest/security-advisories/2020-07-09-sql-injection-vulnerability
1.3.2 • Jira Data Center 7.4.0 - 8.10.1 • 2020-07-09 • Security Hotfix
Fixed a security vulnerability; please read here for more details: https://wiki.resolution.de/doc/api-token-authentication/latest/security-advisories/2020-07-09-sql-injection-vulnerability
1.2.3 • Jira Server 7.4.0 - 8.8.1 • 2020-04-20 • Security Bugfix release
If the configuration was not restricting token usage to sys-admins only, a low-privileged user could overwrite token descriptions of other users' tokens via the REST API. To do that, a user would have needed to guess the id of a token to be used in the update call (tokens are added to the database with a sequential id). This refers to overwriting token descriptions only. At no point was the actual token exposed or at risk.
CVSS: Medium 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
VRT: Broken Access Control (BAC) > Insecure Direct Object References (IDOR)
1.2.3 • Jira Data Center 7.4.0 - 8.8.1 • 2020-04-20 • Security Bugfix release
If the configuration was not restricting token usage to sys-admins only, a low-privileged user could overwrite token descriptions of other users' tokens via the REST API. To do that, a user would have needed to guess the id of a token to be used in the update call (tokens are added to the database with a sequential id). This refers to overwriting token descriptions only. At no point was the actual token exposed or at risk.
CVSS: Medium 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
VRT: Broken Access Control (BAC) > Insecure Direct Object References (IDOR)
1.2.2 • Jira Server 7.4.0 - 8.8.1 • 2020-03-16 • Bugfix release
Fixed a bug where an already authorized user was not detected as such, causing a 403 error.
Added support for older/outdated browsers (i.e. Firefox 59), which were preventing the frontend from loading properly.
1.2.2 • Jira Data Center 7.4.0 - 8.8.1 • 2020-03-16 • Bugfix release
Fixed a bug where an already authorized user was not detected as such, causing a 403 error.
Added support for older/outdated browsers (i.e. Firefox 59), which were preventing the frontend from loading properly.
1.2.1 • Jira Server 7.4.0 - 8.7.1 • 2020-03-09 • Added more token validity time options
Added more token validity time options to choose from. So far, only 6, 12 and 24 months could be selected in the UI, but now users can additionally select an expiration time ranging from 1 to 5 months.
1.2.1 • Jira Data Center 7.4.0 - 8.7.1 • 2020-03-09 • Added more token validity time options
Added more token validity time options to choose from. So far, only 6, 12 and 24 months could be selected in the UI, but now users can additionally select an expiration time ranging from 1 to 5 months.
1.2.0 • Jira Server 7.4.0 - 8.7.1 • 2020-02-20 • New feature, Getting started wizard
- added a checkbox so that admins can allow regular users to use API tokens created for them by admins or created earlier by regular users, prior to limiting token creation to admin users
- added a wizard for easier setup and getting started
- added more in-app links to the documentation and our support center
1.2.0 • Jira Data Center 7.4.0 - 8.7.1 • 2020-02-20 • New feature, Getting started wizard
- added a checkbox so that admins can allow regular users to use API tokens created for them by admins or created earlier by regular users, prior to limiting token creation to admin users
- added a wizard for easier setup and getting started
- added more in-app links to the documentation and our support center
1.1.1 • Jira Server 7.4.0 - 8.7.1 • 2020-02-05 • New features & Bug Fixes
Bugfix:
- fixed the bug causing the failed login counter to be increased when using API tokens
- fixed the bug not returning the correct X-Seraph-LoginReason status value
New Features:
- tokens can now have a validity/ expiration time of up to two years
- sysadmins can disable token creation and usage for regular users
- sysadmins can create tokens for other users
- token creation and deletion will create audit log records in Jira and Confluence
- added a REST endpoint for sysadmins to filter tokens from all users in the system, i.e. to send expiration warnings with a custom automation
1.1.1 • Jira Data Center 7.4.0 - 8.7.1 • 2020-02-05 • New features & Bug Fixes
Bugfix:
- fixed the bug causing the failed login counter to be increased when using API tokens
- fixed the bug not returning the correct X-Seraph-LoginReason status value
New Features:
- tokens can now have a validity/ expiration time of up to two years
- sysadmins can disable token creation and usage for regular users
- sysadmins can create tokens for other users
- token creation and deletion will create audit log records in Jira and Confluence
- added a REST endpoint for sysadmins to filter tokens from all users in the system, i.e. to send expiration warnings with a custom automation