Skip to main content
Skip table of contents

2025-06-06

Version 10.5.2 - Version 9.31.4, released on June 6, 2025 | Golive Marketplace Listing | Version History

Security Fix

Automation Engine

Previously, users with the Golive Administrator permission could configure automation rule endpoints without restrictions. This level of access was considered secure, as it aligned with Jira administrator permissions.

However, a recent third-party security review (CVE-2025-45939) identified a potential risk: a user with Golive Administrator permissions could exploit this capability to perform server-side request forgery (SSRF).

To mitigate this, Golive now aligns with Jira’s native security controls. From this release onward, automation rule endpoints must be explicitly allowed through Jira’s outgoing URL allowlist. This ensures only trusted endpoints can be used in Golive automation.

This security check can be disabled, but only by a Jira administrator, maintaining centralized control.

For further details, refer to our Manage Automations documentation.

Bug Fixes

  • Fixed a blinking issue affecting the STAGIL Table custom field in Jira Service Management (JSM).

We appreciate your feedback and thank you for your continued support.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close