This is the patch instructions for the security bug JRA-15664

	http://jira.atlassian.com/browse/JRA-15664
	http://confluence.atlassian.com/pages/viewpage.action?pageId=170495046

NOTES : 

If you have changed webwork.properties, for example to increase the maximum file upload
size, then you will have to reapply your changes back into the new webwork.properties file.
You MUST use the webwork.properties file supplied in this patch.  It contains an entry that is
crucial to the way this security fix works.  Do not simple copy your old webwork.properties
file back in place.


WINDOWS USERS : Do not use the built in Windows ZIP extractor to apply this patch!

By default it replaces all the files in a directory instead of merging the files in.
If this happens, JIRA will not be able to work correctly.  Use another zip tool such
as WinZip or 7-Zip.



How to apply this patch
==========================

Before applying the patch file, make a copy of your JIRA web application directory in case 
things go wrong.  This will allow you to more easily back out any changes.


If you are using the Standalone distribution of JIRA:

1. Download the file jra-15664-3.8.1-patch.zip
2. Expand the zip file into  <jira_install_dir>/atlassian-jira/ overwriting the files there
3. Restart JIRA


If you are using the WAR distribution of JIRA:

1. Download the file jra-15664-3.8.1-patch.zip
2. Expand the zip file to <jira_install_dir>/webapp overwriting the files there
3. Run 'build.sh clean' on unix or 'build.bat clean' on windows
4. Run 'build.sh' on unix or 'build.bat' on windows
5. Redeploy the JIRA web app into your application server


The patch zip file contains the following files :

Archive:  jra-15664-3.8.1-patch.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
     2269  11-25-08 14:29   WEB-INF/classes/webwork.properties
     1472  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/DoubleArrayConverter.class
     1581  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/DoubleConverter.class
     1476  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/BooleanArrayConverter.class
     1196  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/BooleanConverter.class
     5378  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/KnownParameterConverters.class
      304  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ParameterConverter.class
     1497  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/CharacterArrayConverter.class
     1478  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/IntegerArrayConverter.class
     1221  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/CharacterConverter.class
     1590  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/IntegerConverter.class
     1452  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/LongArrayConverter.class
     1462  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ShortArrayConverter.class
     1563  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/LongConverter.class
     1572  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ShortConverter.class
     1452  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ByteArrayConverter.class
     1563  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ByteConverter.class
     1462  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/FloatArrayConverter.class
     1052  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/AbstractParameterConverter.class
     1572  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/parameters/FloatConverter.class
     8576  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/JiraSafeActionParameterSetter.class
     1383  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/webwork/JiraSafeActionParameterSetter$SetterDescriptorComparator.class
    18901  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/issue/IssueNavigator.class
    13489  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/util/csv/ConfigureCsvMapping.class
     5132  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/util/CsvImporter.class
     5220  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/util/fogbugz/FogBugzImport.class
     7157  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/util/fogbugz/ConfigureFogBugzMapping.class
     6650  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/util/BaseImporter.class
     4991  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/web/action/user/AbstractUserReport.class
     2662  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/issue/transport/impl/IssueNavigatorActionParams.class
     3501  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/config/webwork/JiraActionFactory.class
     3999  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/config/webwork/JiraActionFactory$JiraPluginActionFactory.class
     4080  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/config/webwork/JiraActionFactory$SafeParameterSettingActionFactoryProxy.class
     1995  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/action/JiraNonWebActionSupport.class
      127  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/action/SafeAction.class
    10418  11-25-08 14:29   WEB-INF/classes/com/atlassian/jira/util/ParameterUtils.class
 --------                   -------
   130893                   36 files