5.4.19.1

New Features

  • ScriptRunner Remote Events Code Execution Vulnerability
    • An HTTP POST made to /rest/scriptrunner/latest/remote-events with a specially crafted JSON payload could lead to unrestricted Groovy code execution for any logged-in user, regardless of permissions.
    • This security vulnerability has been fixed in ScriptRunner 5.4.19.1; it is recommended all customers upgrade to 5.4.19.1+ where possible.
    • If no firewall is enabled, users must update ScriptRunner to include this security patch.
    • If using a proxy server in front of the application, blocking HTTP requests beginning with rest/scriptrunner/latest/remote-events/* mitigates the vulnerability.

5.4.19

New Features

  • New user interface
    • The user interface has been rewritten to provide a more user friendly experience. The appearance is very similar to the existing UI.
  • Customize the UI with Script Fragments
    • Script Fragments are here for ScriptRunner for Bamboo! Add your own customized elements to the Bamboo user interface. This can range from simple buttons and dialogs to integrations, such as adding a static analysis tab to your build results.
    • Also with the power to add your own CSS and JavaScript resources with web resources, there are virtually no limits to what you can accomplish.
  • Script Search within Script File Input
    • You now have the ability to search for scripts contained within your configured script roots inside ScriptRunner. Wherever you used to be able to paste the path of a script, you can now search for the script directly in the file input. Simply start typing the name of your script and the search will present suggestions that you can select!

Updates

  • [SRBAM-86] - port new UI to bamboo
  • [SRBAM-57] - Further build-killing listeners
  • [SRBAM-15] - As an Administrator, I need to install custom web resources to modify the UI of Bamboo
  • [SRBAM-16] - As a Script Developer, I need to know where fragments are located in Bamboo so I know where it is possible to inject my own web items
  • [SRBAM-48] - Switch user - integration testing
  • [SRBAM-50] - Integration Test - View Server Log Files
  • [SRBAM-51] - Integration test - Expired JDK listener
  • [SRBAM-52] - Integration test - Script Jobs
  • [SRBAM-66] - As an Administrator, I need to embed custom web sections in Bamboo in order to get relevant content from outside Bamboo visible to my developers
  • [SRBAM-67] - As an Administrator, I need to embed my own web items so I can help users perform actions relevant to them not available to Bamboo
  • [SRBAM-70] - Specific Use Case: Add a tab to the build that displays information about the build (such as static analysis results)

Bug Fixes

  • [SRBAM-46] - Script Jobs User Picker does not do user search when editing an existing job
  • [SRBAM-71] - Searching for web fragments is hard to read
  • [SRBAM-85] - Bamboo restart does not startup the plugin correctly
  • [SRBAM-110] - Can not add new tasks/conditions through the UI for later Bamboo versions