Skip to content

AXON-1869: Stop fetching external images#1576

Merged
jwang19-atlassian merged 4 commits intomainfrom
axon-1869-ssrf-jira-image-issue
Feb 5, 2026
Merged

AXON-1869: Stop fetching external images#1576
jwang19-atlassian merged 4 commits intomainfrom
axon-1869-ssrf-jira-image-issue

Conversation

@jwang19-atlassian
Copy link
Contributor

@jwang19-atlassian jwang19-atlassian commented Feb 5, 2026
edited by atlassian bot
Loading

What Is This Change?

There is a vulnerability exposed here
https://atlassian.slack.com/archives/C07TU1NSUCE/p1770226313445609

Add a break to stop fetching external images in Jira issue page

How Has This Been Tested?

Basic checks:

  • npm run lint
  • npm run test

Rovo Dev has reviewed this pull request
Any suggestions or improvements have been posted as pull request comments.

@jwang19-atlassian jwang19-atlassian marked this pull request as ready for review February 5, 2026 04:00
@atlassian
Copy link
Contributor

atlassian bot commented Feb 5, 2026

The issue is ready for review, and the below acceptance criteria have been met:

  • ✅ Determine if the current behavior of skipping external domain images is expected.
  • ✅ Investigate and implement a fix if the behavior is not expected.

Code Reviewer could not determine whether the following acceptance criteria have been met:

  • Verify if the VSCode extension skips fetching images from external domains on Jira tickets.

Check Jira issue

cabella-dot
cabella-dot previously approved these changes Feb 5, 2026
View reviewed changes
cabella-dot
cabella-dot previously approved these changes Feb 5, 2026
View reviewed changes
@atlassian
Copy link
Contributor

atlassian bot commented Feb 5, 2026

The issue is ready for review.

The below acceptance criteria have not been met:

  • ❌ Investigate and implement a fix if the behavior is not expected.

Code Reviewer could not determine whether the following acceptance criteria have been met:

  • Verify if the VSCode extension skips fetching images from external domains on Jira tickets.
  • Determine if the current behavior of skipping external domain images is expected.

Check Jira issue

@atlassian
Copy link
Contributor

atlassian bot commented Feb 5, 2026

The issue is ready for review, and the acceptance criteria have been met:

  • ✅ Verify if the VSCode extension skips fetching images from external domains on Jira tickets.
  • ✅ Determine if the current behavior of skipping external domain images is expected.
  • ✅ Investigate and implement a fix if the behavior is not expected.

Check Jira issue

@jwang19-atlassian jwang19-atlassian merged commit 3888dfb into main Feb 5, 2026
13 checks passed
@jwang19-atlassian jwang19-atlassian deleted the axon-1869-ssrf-jira-image-issue branch February 5, 2026 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atlassian atlassian[bot] atlassian[bot] left review comments

@cabella-dot cabella-dot cabella-dot approved these changes

@bwieger-atlassian-com bwieger-atlassian-com Awaiting requested review from bwieger-atlassian-com bwieger-atlassian-com is a code owner

@sdzh-atlassian sdzh-atlassian Awaiting requested review from sdzh-atlassian sdzh-atlassian is a code owner

@marcomura marcomura Awaiting requested review from marcomura marcomura is a code owner

@teg-atlassian teg-atlassian Awaiting requested review from teg-atlassian teg-atlassian is a code owner

@om-ukr om-ukr Awaiting requested review from om-ukr om-ukr is a code owner

@sky-ocean-spirits sky-ocean-spirits Awaiting requested review from sky-ocean-spirits sky-ocean-spirits is a code owner

@BHulovatyi BHulovatyi Awaiting requested review from BHulovatyi BHulovatyi is a code owner

@Blastoplex Blastoplex Awaiting requested review from Blastoplex Blastoplex is a code owner

@mattcolman mattcolman Awaiting requested review from mattcolman mattcolman is a code owner

@matt-lassian matt-lassian Awaiting requested review from matt-lassian matt-lassian is a code owner

@dchiew-atl dchiew-atl Awaiting requested review from dchiew-atl dchiew-atl is a code owner

@amarg-at amarg-at Awaiting requested review from amarg-at amarg-at is a code owner

@ccallcottstevens ccallcottstevens Awaiting requested review from ccallcottstevens ccallcottstevens is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jwang19-atlassian @cabella-dot