API Token Authentication for Jira expand connection security

Compatibility release for Jira 11

Compatibility release for Jira 11

• Updated 3rd-party libraries

• Updated 3rd-party libraries

• Allowing servicedesk customers to create tokens via REST, provided the permissions in the app allow that
• 3rd-party and internal library updates

• Allowing servicedesk customers to create tokens via REST, provided the permissions in the app allow that
• 3rd-party and internal library updates

• Fixed a bug that caused the Jira session endpoint to return HTTP 500 if the user trying to authenticate doesn't exist
• Updated an internal library

• Fixed a bug that caused the Jira session endpoint to return HTTP 500 if the user trying to authenticate doesn't exist
• Updated an internal library

Added values of 1 to 4 minutes to the "Maximum/ Rate Limit Bucket Lifetime" option.

Added values of 1 to 4 minutes to the "Maximum/ Rate Limit Bucket Lifetime" option.

Jira 10 Compatibility Release

Jira 10 Compatibility Release

A new option in the System-Wide settings allows admins to control how often the 'Last Used' value of a token is being updated. Read here for more details.

A new option in the System-Wide settings allows admins to control how often the 'Last Used' value of a token is being updated. Read here for more details.

• To be prepared for upcoming changes in the Atlassian audit-logging service we refactored the app's code accordingly and improved how details of events are being tracked
• • you can compare the differences in our documentation: new version and old version
• Fixed a bug causing broken links to the Atlassian application (i.e. the audit log) in our UI whenever the instance was using an application context path

• Fixed a bug introduced with version 2.5.0 that caused HTTP status code 403 responses when using API Tokens with Basic Authentication whenever "Disable Basic Authentication with User Password" was enabled in "System-Wide Settings"
• 3rd-Party Library Updates

• To be prepared for upcoming changes in the Atlassian audit-logging service we refactored the app's code accordingly and improved how details of events are being tracked
• • you can compare the differences in our documentation: new version and old version
• Fixed a bug causing broken links to the Atlassian application (i.e. the audit log) in our UI whenever the instance was using an application context path

• Fixed a bug introduced with version 2.5.0 that caused HTTP status code 403 responses when using API Tokens with Basic Authentication whenever "Disable Basic Authentication with User Password" was enabled in "System-Wide Settings"
• 3rd-Party Library Updates

Fixed an issue causing log file messages about an error while extracting the user key.

Fixed an issue causing log file messages about an error while extracting the user key.

• Added an option to allow Basic Authentication on all endpoints/ paths; read more about it here
• Optimised app configuration processing for performance

• Added an option to allow Basic Authentication on all endpoints/ paths; read more about it here
• Optimised app configuration processing for performance

Fixed a bug preventing a successful Bearer Authentication with other authenticators even if they were still allowed.

Fixed a bug preventing a successful Bearer Authentication with other authenticators even if they were still allowed.

Please refer to the release notes for more details.

Please referr to the release notes for more details.

Updated OkHttp and Okio libraries

Updated OkHttp and Okio libraries

Added configuration option to limit the number of maximum active tokens a user can have at a time. Read more about it in our documentation.

Added configuration option to limit the number of maximum active tokens a user can have at a time. Read more about it in our documentation.

Added log file entry in case Bearer Authentication with a token fails. Please be aware that these failures are currently not audit-logged. We'll add this soon in an upcoming release.

Added log file entry in case Bearer Authentication with a token fails. Please be aware that these failures are currently not audit-logged. We'll add this soon in an upcoming release.

Fixed a bug affecting the log file entries for tokens deleted on behalf of another user. The records mentioned the wrong user key. The audit log was not affected by that bug.

Fixed a bug affecting the log file entries for tokens deleted on behalf of another user. The records mentioned the wrong user key. The audit log was not affected by that bug.