Project Configurator for Jira Server and DC

Version 3.7

3.7.0

17 Dec 2020

Compatible with Jira Server & Jira Data Center 7.1.10-8.14.0

Fixes & Improvements

  • Security Vulnerability: Fixed security vulnerabilities in accordance with our Bug Bounty program. These vulnerabilities affect all prior versions of Project Configurator up to and including 3.6.2. We strongly advise that you upgrade to version 3.7.0 or later.

If you are using console scripts to automate your export and import tasks, you will also need to update the commands used to invoke these scripts. See the Automating Export and Import of Projects page of our documentation.

Refer to the individual issues for more information on the vulnerabilities:

  • PCDEV-1765 - Security Vulnerability - CSRF global protection

  • PCDEV-1768 - Security Vulnerability - Unauthenticated and regular users can access some restricted resources

  • PCDEV-1769 - Security Vulnerability - XSS Injection

  • PCDEV-1770 - URL Path traversal allows export file to be saved to any path