The Public View of System Administrators Lists the System Administrator Names
Symptoms
As part of the security patch in JIRA Security Advisory 2010-04-16, the System Administrators page should no longer show any system administrator names.
However, the "Contact administrators" link does show the system administrator details.
Cause
There is an option that you can place in the jira-application.properties file to allow administrators to modify the attachments, index, and backup and restore paths via the administration screen:
jira.paths.set.allowed=true
This option also causes administrators to be displayed via the "Contact administrators" link.
Workaround
- Shut down JIRA.
- In jira-application.properties, set the property jira.paths.set.allowed to false.
- Restart JIRA.
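To confirm the workaround took effect, the following added example (not Atlassian's code) reports the effective value of jira.paths.set.allowed in a properties file passed as an argument. The function names are hypothetical, and it assumes standard Java .properties semantics, where a repeated key takes its last value.

```shell
#!/bin/sh
# Added example: report the effective value of jira.paths.set.allowed.
# Assumption: the file follows standard Java .properties syntax.

# effective_paths_set_allowed FILE
# Prints the last assigned value in lower case, or "unset" if the key is absent.
effective_paths_set_allowed() {
    awk -v key="jira.paths.set.allowed" '
        /^[ \t]*[#!]/ { next }               # comment lines start with # or !
        {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)          # leading whitespace is ignored
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            # Skip longer keys that merely start with the same text.
            if (rest != "" && rest !~ /^[ \t]*[=:]/ && rest !~ /^[ \t]/) next
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)          # trimmed for comparison only
            value = tolower(rest); found = 1  # a later definition overrides an earlier one
        }
        END { print (found ? value : "unset") }
    ' "$1"
}

# check_jira_paths_setting FILE
# Returns 0 if the option is not enabled, 1 if it is, 2 if FILE is unreadable.
check_jira_paths_setting() {
    v=$(effective_paths_set_allowed "$1") || return 2
    if [ "$v" = "true" ]; then
        echo "FAIL: jira.paths.set.allowed is true in $1"
        return 1
    fi
    echo "OK: jira.paths.set.allowed is '$v' in $1"
}

# Constructed sample (not a real JIRA configuration): set to false, then re-enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
jira.paths.set.allowed = false
jira.paths.set.allowedx=false
jira.paths.set.allowed=TRUE
EOF
check_jira_paths_setting "$sample" || true
rm -f "$sample"
```

A plain text search for the key can miss a second definition further down the file that re-enables the option, which is why the check reports the last value only.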
Resolution
Upgrade to JIRA 4.1.2 or later.