Why the next version of Report Builder needs your attention
On August 6th, 2024, Actonic’s Report Builder is getting a major update that focuses on improving security and data privacy for everyone. Although Report Builder does not share, send, or process your Jira data outside of your instance, we continually strive to enhance security overall. Here’s a breakdown of the key changes you’ll see:
Data privacy for shared reports
- You’ll see a warning message before running reports that have been shared with you by others.
- This message reminds you to only run reports from people you trust, as the report author can potentially see the data used in the report. You may find more details in this guide.
Isolating the environment Scripted Reports are executed in
All Scripted Reports will be executed in an isolated iframe with disabled Same-Origin Policy (SOP). While SOP is generally a good thing, in the context of Report Builder, it might have posed a few risks in the past:
- Potential for XSS (cross-site scripting)
If a malicious script is injected into a report, SOP could allow that script to access other parts of the application, leading to an XSS attack.
- Increased attack surface
By isolating reports in iframes and disabling SOP, the attack surface is reduced. This means that even if a malicious script is present in a report, its ability to cause harm is significantly limited.
In essence, by running reports in an isolated environment and disabling SOP, Report Builder is taking proactive steps to protect user data and prevent malicious attacks.
What You Need to Do
Here’s what you can expect as a regular user:
- Built-in reports (gallery reports)
You might see a message asking you to update a report. Click the button to automatically update and continue using the report. If your permission level is not sufficient to save the updated report, please contact the report authors to save it.
- Custom reports
If you are a creator or an editor of a custom report, please follow this guide to update its code so that it will be compatible with the new execution environment. To update custom reports developed by Actonic, please contact our support team.
- Reports shared with you by other users
Pay attention to the data privacy warning before running reports from others. Only run reports from people you trust.
These changes are designed to enhance your overall experience with Actonic’s Report Builder while providing an extra layer of security for your data. Should you encounter any issues or require assistance, our support team is ready to help.