How to apply this patch
==========================

Before applying the patch file, make a copy of your JIRA web application directory in case things go wrong.  This will allow you to more easily back out any changes.

1. Download the file jira_3_11_xss_patch.zip
2. Expand the zip file into  <jira_install_dir>/atlassian-jira/ overwriting the files there
3. Restart JIRA

If you are using the WAR distribution of JIRA:

1. Download the file jira_3_11_xss_patch.zip
2. Expand the zip file to <jira_install_dir>/webapp overwriting the files there
3. Run 'build.sh clean' on unix or 'build.bat clean' on windows
4. Run 'build.sh' on unix or 'build.bat' on windows
5. Redeploy the JIRA web app into your application server



The patch zip file contains the following files :

   Length     Date   Time    Name
 --------    ----   ----    ----
     3258  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/util/JiraUtils.class
    11379  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/action/filter/ManageFilters.class
    12817  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/action/setup/Setup.class
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/action/filter/
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/action/setup/
     4586  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/servlet/ViewAttachmentServlet.class
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/action/
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/servlet/
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/util/
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/web/
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/jira/
        0  12-13-07 08:36   WEB-INF/classes/com/atlassian/
        0  12-13-07 08:36   WEB-INF/classes/com/
        0  12-13-07 08:36   WEB-INF/classes/
    19449  12-13-07 08:36   500page.jsp
     1683  12-13-07 08:36   views/setup2-existingadmins.jsp
     1981  12-13-07 08:36   views/setup2.jsp
     2502  12-13-07 08:36   views/setup-import.jsp
     3777  12-13-07 08:36   views/setup3.jsp
    10102  12-13-07 08:36   views/setup.jsp
 --------                   -------
    71534                   20 files

If you have installed JIRA after the patch was produced (13 December 2007) then you may encounter a problem where your application server does not update the compiled
version of the JSP files.  You will need to delete the "working" directory that your application server uses to compile JSP pages.  On Tomcat, this is the "work" directory.