Security: Marketplace permission to release new versions?

Hey everyone,

as security is ongoing and ever-present, we are also trying to weave everything into our build-process and tighten loose ends a bit.

Here’s what I’d like to do: Only allow our build infrastructure / API user to release new Marketplace versions, to avoid a breach where an employee is compromised and can release fraudulent updates (which on Jira Server are basically equal to root access on the underlying system).

Currently, though, permissions do not seem to allow this:

My best guess as to what releasing new updates includes would be “Manage app details”? Unfortunately this also includes something like fixing spelling mistakes in the Marketplace listing, which is part of our business team, so that’s really bad to cluster this under one permission. Any idea?

Thanks
Tobias

4 Likes

As we are working on an ISO27001 certification this is still a pain - really no information around this? @mhart

1 Like

Hi @tobias.viehweger, currently, the Manage add-on details permission gives the ability to manage the complete app (publish new versions and manage details of the app). If there are any suggestions/feedback/enhancement requests, you could write to us here.