How to prevent some workflow-functions from being listed under Jira's 'Add Post Function To Transition' screen

We have a plugin in Jira using osworkflow to define our own custom workflow. Atlassian recently(Jira v8.18.0) introduced a security enhancement that secures customer’s instances from remote code execution ([JRASERVER-72660] Remote code execution in workflow import - CVE-2017-18113 - Create and track feature requests for Atlassian products.). Due to this fix workflow-functions and conditions used in our apps custom workflows stopped working.
Jira logs showed a warning -

To disable the protection in Jira 8.18.1 and above administrators can enable the dark feature flag:

Asking our customers to enable the dark feature flag was not possible as it will reintroduce the security vulnerability for them.

So we contacted the Atlassian’s engineering team, they suggested the below 2 solutions -

  1. export com.amoeboids.apps.service.workflow.condition.PermissionCondition as workflow module
  2. temporary override osworkflow type resolver
    TypeResolver originalResolver = TypeResolver.getResolver(); TypeResolver.setResolver(new TypeResolver()); // here invoke osworkflow TypeResolver.setResolver(originalResolver);

First solution was recommended over second and we exported the required conditions/functions from our app using Workflow modules.
Due to this change, our workflow functions started getting listed on Jira’s ‘Add Post Function To Transition’ screen.
Can we prevent this? as these functions are not intended for Jira’s internal workflows?

We have gone through and do not see any solution here.

Hi @sagar

I am using simple JS code on these pages (AddWorkflowTransitionPostFunction, AddWorkflowTransitionValidator, AddWorkflowTransitionCondition)



Thanks for the reply @adam.labus.
Can you please tell where should I add this JS in our App? So that it will load on these pages (AddWorkflowTransitionPostFunction, AddWorkflowTransitionValidator, AddWorkflowTransitionCondition).

Hi @sagar

generally i added new js file to atlassian-plugin.xml file

   <web-resource key="KEY-resources" name="NAME-resource">
        <resource type="download" name="FILE.js" location="/FOLDER/FILE.js"/>

Now you have to decide whether you have the condition for these pages in the js file or in condition in the web-resource


Hi @adam.labus,
Thank you for this information. I just tried this and it worked.

you’re welcome.


Pada tanggal Kam, 23 Jun 2022 21.35, Sagar Jadhav via The Atlassian Developer Community <> menulis: