
2025-09-16 13:48:26
A malicious Jira ticket can cause Cursor to exfiltrate secrets from the repository or local file system. But this is not just a problem with Cursor: GitHub MCP connections can also be exploited to expose private repository data, and a vulnerability in GitLab Duo allowed private information to be exposed through automatically rendered HTML code.
A few more of the #News items most frequently shared here recently:
Instead of Jira and Confluence: OpenProject and XWiki plan an open-source alternative
Issue Tracking Ecosystems: Context and Best Practices
Lloyd Montgomery
https://arxiv.org/abs/2507.06704 https://arxiv.org/pdf/2507.06…
Dark theme for #Jira rolled out at my company, I've been waiting for this for years :)
Gemini also asserts my oldest emails are from April 2003 but produces incorrect info when asked for details. Gmail didn't even exist until April 2004 and regular search finds nothing before then. (It does find a lot of Jira spam starting April 8 2004, some things never change.)
Me, at lunch:
*walks into bodega with screaming fire alarm going off in building*
*shops for sandwich and Monster*
Clerk: “don’t worry about the alarm; it’s just a test.”
Me, dead-eyed, mid-cyber incident response: “I don’t care.”
*exits stage left, pursued by a Jira ticket.*
Yes, it really happened. I recommend the Knuckle Sandwich with pork and jam.
I have discovered a secret Jira install at work 🤢
@… @… Doesn’t surprise me, but it does sadden me somewhat. I think there’s an alternate universe where Jira is useful.
I wrote a long post when they had that massive outage and data loss a while back, about how this was inevitable, be…
@… Mine might be Jira tickets…
@… @… Tempting, but it’s old now, and hopefully I’ll have a much more positive one to write in a month or two. I have received the green light to exorcise Jira from my team.
@… @… I am so glad I’ve never had to deal with this.
I have written a Jira plugin, though, and just going near their Java APIs was enough.
(I eventually threw it away and wrote a JavaScript bookmarklet that just reformatted the …