-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hey Toolserver admins,
I wanted to raise an issue about an ongoing set of attacks against JIRA installations. Yesterday, I received an email from Atlassian indicating that their JIRA installation had been compromised and to reset passwords. Today, the Apache foundation sent me an email regarding the same attack against their own team.
The attack is a XSS attack against JIRA that is now patched (and was patched today, April 13). A good set of details about it are at https://blogs.apache.org/infra/entry/apache_org_04_09_2010
I'm not saying Toolserver's JIRA has been or will be attacked, but the script kiddies behind this seem to be going after high-profile locations so I think it would be prudent to update JIRA when you can just to be safe. I thought I'd let you all know.
Regards, - -- Shirik