<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 06:49:10 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MGNLRES-281] FTL and YAML files are exposed over the /resources URI2RepositoryMapping</title>
                <link>https://jira.magnolia-cms.com/browse/MGNLRES-281</link>
                <project id="10282" key="MGNLRES">Magnolia Resources Module</project>
                    <description>&lt;p&gt;In order to use the processed resources app, one has to enable the URI2RepositoryMapping for the resources workspace. Since 5.4 the resources workspace contains FTL and YAML files, and these are exposed to the website user over the mapping.&lt;/p&gt;

&lt;p&gt;The new resourcing has security checks in place exactly for this reason (hardcoded in ResourcesServlet for yaml, ftl, class, java).&lt;/p&gt;

&lt;p&gt;Please add equivalent security checks to the processed resources app.&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;ProposedSolution&quot;&gt;&lt;/a&gt;Proposed Solution&lt;/h3&gt;

&lt;p&gt;Proposal can be found at &lt;a href=&quot;https://wiki.magnolia-cms.com/pages/viewpage.action?pageId=125176642&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://wiki.magnolia-cms.com/pages/viewpage.action?pageId=125176642&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="53716">MGNLRES-281</key>
            <summary>FTL and YAML files are exposed over the /resources URI2RepositoryMapping</summary>
                <type id="1" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10883&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/critical.svg">Critical</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="ilgun">Ilgun Ilgun</assignee>
                                    <reporter username="bvass">Bence Vass</reporter>
                        <labels>
                            <label>security</label>
                            <label>support</label>
                    </labels>
                <created>Thu, 14 Jul 2016 10:31:51 +0200</created>
                <updated>Tue, 29 Mar 2022 12:45:26 +0200</updated>
                            <resolved>Tue, 20 Sep 2016 16:04:03 +0200</resolved>
                                    <version>2.4.6</version>
                                    <fixVersion>2.4.8</fixVersion>
                    <fixVersion>2.5</fixVersion>
                                        <due></due>
                            <votes>1</votes>
                                    <watches>12</watches>
                                                    <progress percentage="100">
                                    <originalProgress>
                                                    <row percentage="0" backgroundColor="#89afd7"/>
                                                    <row percentage="100" backgroundColor="transparent"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="100" backgroundColor="#51a825"/>
                                                    <row percentage="0" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </progress>
                                    <aggregateprogress percentage="100">
                                    <originalProgress>
                                                    <row percentage="0" backgroundColor="#89afd7"/>
                                                    <row percentage="100" backgroundColor="transparent"/>
                                            </originalProgress>
                                                    <currentProgress>
                                                    <row percentage="100" backgroundColor="#51a825"/>
                                                    <row percentage="0" backgroundColor="#ec8e00"/>
                                            </currentProgress>
                            </aggregateprogress>
                                            <timeestimate seconds="0">0d</timeestimate>
                            <timespent seconds="56700">1d 7.75h</timespent>
                                <comments>
                            <comment id="128770" author="runger" created="Thu, 14 Jul 2016 11:25:32 +0200"  >&lt;p&gt;Well found. This is a serious security issue, as YAML definitions can contain potentially secret values like API-Keys, etc... Just on principle, as good security requires minimizing information disclosure, FTL and YAML files should not be exposed.&lt;/p&gt;</comment>
                            <comment id="129412" author="fuchs.florian" created="Mon, 25 Jul 2016 14:39:43 +0200"  >&lt;p&gt;Not only FTLs, but also other files leak information about the system e.g. &lt;a href=&quot;http://demopublic.magnolia-cms.com/.resources/README.txt&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://demopublic.magnolia-cms.com/.resources/README.txt&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="129696" author="had" created="Fri, 29 Jul 2016 14:10:33 +0200"  >&lt;p&gt;Actually you are mixing multiple things in this issue.&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;URI2RepositoryMapping&lt;/tt&gt; for &lt;tt&gt;resources&lt;/tt&gt; workspace pointing to &lt;tt&gt;/resources/&lt;/tt&gt; is enabled by &lt;tt&gt;resources&lt;/tt&gt; module not by processed resources and doesn&apos;t allow rendering of the raw resources (e.g. &lt;tt&gt;ftl&lt;/tt&gt; or &lt;tt&gt;yaml&lt;/tt&gt;).&lt;/p&gt;

&lt;p&gt;We will investigate what happens when you install processed resources and see that no raw templates or configuration leaks.&lt;/p&gt;

&lt;p&gt;As for what Florian pointed out, &lt;tt&gt;/.resources&lt;/tt&gt; is not &lt;tt&gt;URI2RepositoryMapping&lt;/tt&gt; but a servlet mapping for &lt;tt&gt;ResourcesServlet&lt;/tt&gt;. Servlet ootb deny serving plain content of any ftl, java,class or yaml files, but all else is allowed. IF you want to hide txt files, simply configure bypass for the servlet. Nothing to do with processed resources (BTW processed resources module is not installed on demo).&lt;/p&gt;</comment>
                            <comment id="130291" author="had" created="Wed, 10 Aug 2016 14:54:08 +0200"  >&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;the log message should not be warn but debug. You don&apos;t want others to fill up your log files just because they are stanning urls&lt;/li&gt;
	&lt;li&gt;tho most likely, there should be security audit log message produced about incident&lt;/li&gt;
	&lt;li&gt;list of restricted/allowed resources should be configurable&lt;/li&gt;
	&lt;li&gt;as pointed out above excluding just yaml/ftl/java/class could not be enough&lt;/li&gt;
	&lt;li&gt;consider allowing configuration of the list via &lt;tt&gt;magnolia.properties&lt;/tt&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="130301" author="had" created="Wed, 10 Aug 2016 16:19:12 +0200"  >&lt;p&gt;... building up on what i wrote before and making sure it&apos;s absolutely clear: in difference from original implementation that was whitelisting all and explicitly blacklisting some types, we should do the opposite and blacklist everything and only explicitly allow some types (css, js, htm, html).&lt;/p&gt;</comment>
                            <comment id="130312" author="ejervidalo" created="Wed, 10 Aug 2016 16:50:55 +0200"  >&lt;p&gt;&lt;a href=&quot;https://jira.magnolia-cms.com/secure/ViewProfile.jspa?name=mgeljic&quot; class=&quot;user-hover&quot; rel=&quot;mgeljic&quot;&gt;mgeljic&lt;/a&gt; had another proposal which I like even more. Serve resources based on a directory-convention and disallow everything else.. &lt;/p&gt;

&lt;p&gt;templates/&lt;br/&gt;
dialogs/&lt;br/&gt;
(resources|res) &amp;lt;- allowed&lt;/p&gt;</comment>
                            <comment id="130314" author="had" created="Wed, 10 Aug 2016 16:55:56 +0200"  >&lt;p&gt;resources folder would have been fine if that was something we came up with originally, doing this now would break existing installations requiring people to move the files. I don&apos;t think it&apos;s acceptable as that would generate major work for anyone updating to given version.&lt;/p&gt;</comment>
                            <comment id="130382" author="mgeljic" created="Thu, 11 Aug 2016 11:59:09 +0200"  >&lt;p&gt;Yeah, though I was not making any assumption about what this would look like (For one I was never fond of a resources sub-dir on that level).&lt;/p&gt;

&lt;p&gt;Just saying neither blacklisting nor whitelisting is a silver bullet for exposing/hiding resource types&#8212;we&apos;ll never list all potential types one may use, be it video formats, svg, or what have you, it&apos;s just too arbitrary or irrelevant; even if we raise &lt;em&gt;&quot;it&apos;s configurable&quot;&lt;/em&gt; as a magic wand, it could rather be circumvented by design imo (backend vs. frontend resource files).&lt;br/&gt;
Anyway, it&apos;s nothing we&apos;d change in a haste at all, current situation is generally ok, while it still is possible to do more fine-grained URI security.&lt;/p&gt;

&lt;p&gt;That debate apart, back to the original issue about the URI2Repository mapping:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;The resources workspace only contains yaml/ftl if you&apos;ve got something either installed in legacy ways (or migrated from inplace-templating and no yet cleaned up) or hotfixed (only case for yaml). And if you don&apos;t, then nothing is exposed.&lt;/li&gt;
	&lt;li&gt;&lt;tt&gt;URI2ResourcesRepositoryMapping&lt;/tt&gt; never filtered anything out; yet I don&apos;t mind if we do so ootb or leave it to implementors for those &quot;backend types&quot; newly introduced into that workspace.&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="132941" author="cmeier" created="Mon, 3 Oct 2016 13:50:17 +0200"  >&lt;p&gt;&lt;a href=&quot;https://jira.magnolia-cms.com/secure/ViewProfile.jspa?name=ilgun&quot; class=&quot;user-hover&quot; rel=&quot;ilgun&quot;&gt;ilgun&lt;/a&gt; - What was the final solution?&lt;br/&gt;
What should we mention on the Release notes? and on the docs pages?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10160">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10010">
                    <name>relation</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="54340">MGNLRES-284</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="35870" name="config-details.png" size="77665" author="cmeier" created="Tue, 4 Oct 2016 10:33:59 +0200"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14169" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Bug DoR</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                        
        <div style="margin-bottom: 8px;">
                            <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>0/2</span></span></div>
                    
            <div class="checklist-progress-bar-wrapper" style="">
        <div class="checklist-progress-bar" style="position: relative; width: 100%; background-color: #cccccc; margin-bottom: 2px; margin-top: 5px;">
                        <div class="checklist-progress" style="display: block; float: none; width: 0%; height: 2px; background: #14892c;">
                            </div>
        </div>
    </div>
        </div>
    
                                    <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span>Steps to reproduce, expected, and actual results filled</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                                <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span>Affected version filled</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                            ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>extern.lfrz.gv.at</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 14 Jul 2016 11:25:32 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12130" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Documentation update required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="13300"><![CDATA[Yes]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>dmaslanka</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 19 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>bvass</customfieldvalue>
            <customfieldvalue>cmeier</customfieldvalue>
            <customfieldvalue>ejervidalo</customfieldvalue>
            <customfieldvalue>fuchs.florian</customfieldvalue>
            <customfieldvalue>ilgun</customfieldvalue>
            <customfieldvalue>had</customfieldvalue>
            <customfieldvalue>mgeljic</customfieldvalue>
            <customfieldvalue>runger</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzzzq1:zr520ezxz8iwfi</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10220" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Release notes required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10490"><![CDATA[Yes]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10245" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="328">Basel 62</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10242" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_14168" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Task DoD</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                        
        <div style="margin-bottom: 8px;">
                            <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>0/6</span></span></div>
                    
            <div class="checklist-progress-bar-wrapper" style="">
        <div class="checklist-progress-bar" style="position: relative; width: 100%; background-color: #cccccc; margin-bottom: 2px; margin-top: 5px;">
                        <div class="checklist-progress" style="display: block; float: none; width: 0%; height: 2px; background: #14892c;">
                            </div>
        </div>
    </div>
        </div>
    
                                    <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span>Doc/release notes changes? Comment present?</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                                <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span>Downstream builds green?</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                                <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span>Solution information and context easily available?</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                                <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span><strong>Tests</strong></span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                                <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><path d="M0.441406 6.94141C0.441406 5.28455 1.78455 3.94141 3.44141 3.94141H15.4414C17.0983 3.94141 18.4414 5.28455 18.4414 6.94141V18.9414C18.4414 20.5983 17.0983 21.9414 15.4414 21.9414H3.44141C1.78455 21.9414 0.441406 20.5983 0.441406 18.9414V6.94141Z" fill="#EFF4FB" /><path fill-rule="evenodd" clip-rule="evenodd" d="M12.4414 3.94141H3.44141C1.78455 3.94141 0.441406 5.28455 0.441406 6.94141V18.9414C0.441406 20.5983 1.78455 21.9414 3.44141 21.9414H15.4414C17.0983 21.9414 18.4414 20.5983 18.4414 18.9414V9.94141H17.4414V18.9414C17.4414 20.046 16.546 20.9414 15.4414 20.9414H3.44141C2.33684 20.9414 1.44141 20.046 1.44141 18.9414V6.94141C1.44141 5.83684 2.33684 4.94141 3.44141 4.94141H12.4414V3.94141Z" fill="#ADBBD0" /><path d="M21.5306 5.91574L19.3486 4.58101L21.5306 3.24628C21.5681 3.22328 21.595 3.18633 21.6053 3.14348C21.6156 3.10063 21.6084 3.05545 21.5855 3.01792L20.9444 1.96985C20.8966 1.89162 20.7942 1.86696 20.716 1.91479L18.6331 3.18898V0.747138C18.6331 0.65546 18.5587 0.581055 18.4671 0.581055H17.2386C17.1469 0.581055 17.0725 0.65546 17.0725 0.747138V3.18898L14.9896 1.91487C14.9112 1.86704 14.8091 1.89162 14.7612 1.96993L14.1201 3.018C14.0972 3.05554 14.09 3.10071 14.1003 3.14356C14.1106 3.18641 14.1375 3.22336 14.175 3.24637L16.3571 4.58101L14.175 5.91574C14.1375 5.93866 14.1106 5.9757 14.1003 6.01847C14.09 6.0614 14.0972 6.10657 14.1201 6.14411L14.7612 7.1921C14.8091 7.27032 14.9112 7.29507 14.9896 7.24724L17.0725 5.97304V8.41489C17.0725 8.50657 17.1469 8.58097 17.2386 8.58097H18.4671C18.5587 8.58097 18.6331 8.50657 18.6331 8.41489V5.97313L20.7161 7.24715C20.7943 7.29499 20.8967 7.27032 20.9444 7.19218L21.5856 6.14411C21.6085 6.10657 21.6157 6.0614 21.6054 6.01855C21.5952 5.97562 21.5682 5.93875 21.5306 5.91574Z" fill="#de350b" /></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span><strong>FixVersion</strong> filled and not yet released</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                                <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                                                <span style="padding-right: 5px; align-self: flex-start;">
                                <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg" class="unchecked"><rect fill="#EFF4FB" height="17.5" rx="2.5" stroke="#ADBBD0" width="18" x="0.44141" y="3.94141"/></svg>
                        </span>
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span >
                                                        <span>Architecture Decision Record (<strong>ADR</strong>)</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                            ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12430" key="com.atlassian.teams:rm-teams-custom-field-team">
                        <customfieldname>Team</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[27]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>