"Contact Administrators" on JIRA Page Footer Throws a Blank List

Symptoms

  1. The instance runs a JIRA version newer than 4.1.1.
  2. You click the "Contact Administrators" button in the footer of any JIRA page, but the list of administrators is not displayed. You only see a blank list.

Nothing else appears in the system logs.

Cause

Starting with version 4.1.1, JIRA ships with the option jira.paths.set.allowed in $JIRA_INSTALL/atlassian-jira/WEB-INF/classes/jira-application.properties disabled by default because of the following security vulnerability: XSS and Privilege Escalation Vulnerabilities in JIRA.

Resolution

  1. First, understand the security vulnerabilities that this option introduces if enabled. Do not proceed if you believe that your instance won't be safe. Please see JRA-21004.
  2. Edit $JIRA_INSTALL/atlassian-jira/WEB-INF/classes/jira-application.properties, uncomment the jira.paths.set.allowed line and set it to true: jira.paths.set.allowed=true.
  3. Restart the instance and confirm that the Contact Administrators link now works.
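
To confirm the effective value before and after step 2, or to audit an instance for this option, the following shell check can be used. It is an added example, not Atlassian's code: the function names, the sample file and the key jira.paths.set.allowed.other are constructed, and it assumes that only the value true (in any letter case) enables the option.

```shell
#!/bin/sh
# Added example: report the effective state of jira.paths.set.allowed.
# Prints "true", "false" or "unset" (line commented out or absent).

KEY='jira.paths.set.allowed'

paths_set_allowed() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }                  # .properties comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            # The key must end here: "=" / ":" / whitespace / end of line.
            if (rest != "" && rest !~ /^[ \t=:]/) next
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)          # tolerate CRLF and padding
            val = tolower(rest); seen = 1       # last assignment wins
        }
        END { print (seen ? (val == "true" ? "true" : "false") : "unset") }
    ' "$1"
}

# Exit status 1 when the option is enabled, so it can gate a config audit.
audit_paths_set_allowed() {
    state=$(paths_set_allowed "$1") || return 2
    if [ "$state" = "true" ]; then
        echo "WARN: $KEY is enabled in $1 (review JRA-21004)"
        return 1
    fi
    echo "OK: $KEY is $state in $1"
}

# Constructed sample file (not taken from a real instance).
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
              '#jira.paths.set.allowed=true' \
              'jira.paths.set.allowed.other = true' \
              'jira.paths.set.allowed = TRUE ' > "$sample"
audit_paths_set_allowed "$sample" || true       # prints the WARN line
rm -f "$sample"
```

On a real instance, pass $JIRA_INSTALL/atlassian-jira/WEB-INF/classes/jira-application.properties as the argument to audit_paths_set_allowed.
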
Last modified on Feb 26, 2016