These are the patch instructions for the security bug JRA-15664

http://jira.atlassian.com/browse/JRA-15664
http://confluence.atlassian.com/pages/viewpage.action?pageId=170495046

NOTES :

If you have changed webwork.properties, for example to increase the maximum
file upload size, then you will have to reapply your changes to the new
webwork.properties file.

You MUST use the webwork.properties file supplied in this patch. It contains
an entry that is crucial to the way this security fix works. Do not simply
copy your old webwork.properties file back in place.

WINDOWS USERS :

Do not use the built-in Windows ZIP extractor to apply this patch! By default
it replaces all the files in a directory instead of merging the new files in.
If this happens, JIRA will not be able to work correctly. Use another zip tool
such as WinZip or 7-Zip.

How to apply this patch
==========================

Before applying the patch file, make a copy of your JIRA web application
directory in case things go wrong. This will allow you to more easily back
out any changes.

If you are using the Standalone distribution of JIRA:

1. Download the file jra-15664-3.5.3-patch.zip
2. Expand the zip file into /atlassian-jira/ overwriting the files there
3. Restart JIRA

If you are using the WAR distribution of JIRA:

1. Download the file jra-15664-3.5.3-patch.zip
2. Expand the zip file to /webapp overwriting the files there
3. Run 'build.sh clean' on Unix or 'build.bat clean' on Windows
4. Run 'build.sh' on Unix or 'build.bat' on Windows
5. Redeploy the JIRA web app into your application server

The patch zip file contains the following files :

Archive:  jra-15664-3.5.3-patch.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
     2269  11-25-08 14:27   WEB-INF/classes/webwork.properties
     1472  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/DoubleArrayConverter.class
     1581  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/DoubleConverter.class
     1476  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/BooleanArrayConverter.class
     1196  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/BooleanConverter.class
     5384  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/KnownParameterConverters.class
      304  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ParameterConverter.class
     1497  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/CharacterArrayConverter.class
     1478  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/IntegerArrayConverter.class
     1221  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/CharacterConverter.class
     1590  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/IntegerConverter.class
     1452  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/LongArrayConverter.class
     1462  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ShortArrayConverter.class
     1563  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/LongConverter.class
     1572  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ShortConverter.class
     1452  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ByteArrayConverter.class
     1563  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/ByteConverter.class
     1462  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/FloatArrayConverter.class
     1052  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/AbstractParameterConverter.class
     1572  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/parameters/FloatConverter.class
     8512  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/JiraSafeActionParameterSetter.class
     1383  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/webwork/JiraSafeActionParameterSetter$SetterDescriptorComparator.class
    21446  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/issue/IssueNavigator.class
    12714  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/util/csv/ConfigureCsvMapping.class
     4536  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/util/CsvImporter.class
     5062  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/util/fogbugz/FogBugzImport.class
     6734  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/util/fogbugz/ConfigureFogBugzMapping.class
     5752  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/util/BaseImporter.class
     4991  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/web/action/user/AbstractUserReport.class
     2651  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/issue/transport/impl/IssueNavigatorActionParams.class
     3507  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/config/webwork/JiraActionFactory.class
     3999  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/config/webwork/JiraActionFactory$JiraPluginActionFactory.class
     4080  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/config/webwork/JiraActionFactory$SafeParameterSettingActionFactoryProxy.class
     1995  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/action/JiraNonWebActionSupport.class
      127  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/action/SafeAction.class
    10408  11-25-08 14:27   WEB-INF/classes/com/atlassian/jira/util/ParameterUtils.class
 --------                   -------
   130515                   36 files
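
An added check, not part of the original patch instructions or of JIRA: after expanding the zip, this script confirms that every file in the patch landed in the web application directory unchanged and that no file present in the backup copy was wiped by a folder-replacing extraction. The function names and the sample paths inside demo() are assumptions made for this example.

```python
import os, tempfile, zipfile, zlib
def crc32_of(path):
    """CRC32 of a file on disk, comparable to ZipInfo.CRC."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF

def relative_files(root):
    """Set of file paths under root, relative and '/'-separated like zip names."""
    found = set()
    for base, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(base, name), root)
            found.add(rel.replace(os.sep, "/"))
    return found

def verify_patch(zip_path, backup_dir, patched_dir):
    """Compare a patched webapp directory with the patch zip and the backup."""
    report = {"missing": [], "mismatched": [], "lost": []}
    with zipfile.ZipFile(zip_path) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            target = os.path.join(patched_dir, *info.filename.split("/"))
            if not os.path.isfile(target):
                report["missing"].append(info.filename)       # never extracted
            elif crc32_of(target) != info.CRC:
                report["mismatched"].append(info.filename)    # old or edited copy
    # Replace-style extraction wipes sibling files that the backup still has.
    report["lost"] = sorted(relative_files(backup_dir) - relative_files(patched_dir))
    return report

def demo():
    """Constructed sample: a folder-replacing extraction that dropped a sibling class."""
    tmp = tempfile.mkdtemp()
    backup, patched = os.path.join(tmp, "backup"), os.path.join(tmp, "patched")
    pkg = "WEB-INF/classes/com/example"            # constructed path, not from the patch
    for root in (backup, patched):
        os.makedirs(os.path.join(root, pkg))
    for name in ("Patched.class", "Sibling.class"):
        with open(os.path.join(backup, pkg, name), "wb") as fh:
            fh.write(b"old")
    zip_path = os.path.join(tmp, "patch.zip")
    with zipfile.ZipFile(zip_path, "w") as zf:
        zf.writestr(pkg + "/Patched.class", b"new")
    with open(os.path.join(patched, pkg, "Patched.class"), "wb") as fh:
        fh.write(b"new")                           # Sibling.class was wiped
    return verify_patch(zip_path, backup, patched)
```

Once you have reapplied your own settings to the new webwork.properties, that one file is expected to appear under "mismatched"; any other entry in the report means the patch was not merged cleanly.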