| | update private licence | | | | | Unresolved | Jun 23, 2020 | Jun 23, 2020 | | |
| | NPM reporting security vulnerability: Lodash | | | | | Unresolved | May 15, 2018 | May 29, 2018 | | |
| | Upgrade Nimbus JOSE+JWT to fix CVE-2017-12972 and CVE-2017-12973 | | | | | Invalid | Mar 18, 2018 | Mar 18, 2018 | | |
| | Access to Rainicorn | | | | | Unresolved | Feb 9, 2018 | Feb 12, 2018 | | |
| | Groups | | | | | Unresolved | Nov 9, 2017 | Nov 9, 2017 | | |
| | testing | | | | | Unresolved | Nov 9, 2017 | Nov 9, 2017 | | |
| | Review the list of CVEs that ASAP is vulnerable to | | | | | Unresolved | Oct 8, 2017 | Oct 5, 2020 | | |
| | Check for any open CVEs in dependencies | | | | | Fixed | Sep 4, 2017 | Sep 1, 2021 | | |
| | AbstractRequestAuthorizationFilter instances could be more composable | | | | | Rejected | Aug 14, 2017 | Aug 14, 2017 | | |
| | Implement a KeyProvider to read private keys from a String | | | | | Fixed | Aug 14, 2017 | Aug 15, 2017 | | |
| | Bump Atlassian parent pom version | | | | | Fixed | Aug 12, 2017 | Dec 20, 2017 | | |
| | Implement safe toString methods in key providers | | | | | Fixed | Aug 6, 2017 | Aug 7, 2017 | | |
| | Adding additional whitelist provider for ASAP validator | | | | | Fixed | Aug 3, 2017 | Aug 4, 2017 | | |
| | Could you please delete my Private Add On the URL is https://funky.kendo.rocks/atlassian-connect.json | | | | | Tracked Elsewhere | Jul 25, 2017 | Aug 6, 2017 | | |
| | Add artifact with Interceptor for okhttp3 | | | | | Fixed | Jul 24, 2017 | Jan 22, 2020 | | |
| | Add a generic filter for taking a set of issuers and rules for each one | | | | | Unresolved | Jul 6, 2017 | Jul 6, 2017 | | |
| | AbstractRequestAuthenticationFilter returns 500 if the public key is not found | | | | | Fixed | Jul 3, 2017 | Jul 4, 2017 | | |
| | Extend benchmark to support concurrency | | | | | Fixed | Jul 1, 2017 | Aug 6, 2017 | | |
| | Account Number is not right | | | | | Rejected | Jun 27, 2017 | Jul 1, 2017 | | |
| | Research a lower leeway default value for relative time validation | | | | | Unresolved | Jun 23, 2017 | Jul 4, 2017 | | |
| | Add 'impersonationIssuer' support to 'AsapAuth' | | | | | Fixed | May 1, 2017 | Jul 27, 2017 | | |
| | Spring Boot 1.5 support: upgrade Nimbus-JOSE-JWT to 4.35 | | | | | Fixed | Apr 9, 2017 | Apr 11, 2017 | | |
| | Support for dynamic resource server audiences in the validator | | | | | Fixed | Mar 27, 2017 | Mar 28, 2017 | | |
| | Invalid Curve Attack - Update Nimbus JOSE+JWT to 4.34.2 | | | | | Fixed | Mar 21, 2017 | Mar 21, 2017 | | |
| | Add ability for ASAP server to use jwtValidator that accepts multiple audiences | | | | | Fixed | Mar 19, 2017 | Aug 6, 2017 | | |
| | Idealfed.com - request or Marketplace Contributor Discount | | | | | Tracked Elsewhere | Mar 6, 2017 | Mar 12, 2017 | | |
| | The UnverifiedBearerToken returns null for getName which causes an NPE in Spring, masking the real authentication failure | | | | | Fixed | Feb 14, 2017 | Mar 21, 2017 | | |
| | Suboptimal performance for JwtBuilder and NimbusJsr353Translator | | | | | Fixed | Feb 2, 2017 | Feb 5, 2017 | | |
| | Data Center throws ClassNotFoundException while working with TaskManager | | | | | Invalid | Jan 10, 2017 | Jul 1, 2017 | | |
| | upgrade to mockito 2.x | | | | | Won't Fix | Dec 22, 2016 | Feb 5, 2017 | | |
| | Add support for jersey2 clients | | | | | Fixed | Dec 22, 2016 | Dec 22, 2016 | | |
| | Improve public key retrieval and authentication failure exception and logging | | | | | Fixed | Nov 23, 2016 | Nov 25, 2016 | | |
| | Allow different handling for transient and permanent authentication failure using the Jersey 2 authentication filter | | | | | Fixed | Nov 21, 2016 | Nov 22, 2016 | | |
| | Do not validate subjects/issuers in jersey 1 if no subjects are passed | | | | | Unresolved | Nov 16, 2016 | Nov 16, 2016 | | |
| | Support additional public key repositories in Spring configuration | | | | | Fixed | Oct 6, 2016 | Oct 6, 2016 | | |
| | Bump Spring framework to 4.3 | | | | | Fixed | Sep 30, 2016 | Dec 8, 2016 | | |
| | Add Spring configuration integration test | | | | | Fixed | Sep 29, 2016 | Oct 6, 2016 | | |
| | Allow apps to override the single-valued audience in Spring configuration | | | | | Fixed | Sep 29, 2016 | Sep 29, 2016 | | |
| | Create more traditional service integration for ASAP | | | | | Fixed | Sep 28, 2016 | Oct 17, 2016 | | |
| | Replace custom annotations with https://bitbucket.org/atlassian/atlassian-annotations | | | | | Unresolved | Sep 22, 2016 | Sep 22, 2016 | | |
| | Improve exception messages on authentication errors | | | | | Fixed | Sep 20, 2016 | Oct 6, 2017 | | |
| | asap-java: Support data: urls directly since that's what MICROS provides | | | | | Fixed | Sep 12, 2016 | Sep 13, 2016 | | |
| | Make ASAP annotation Inherited | | | | | Fixed | Sep 9, 2016 | Jul 1, 2017 | | |
| | Example Java client NPEs on 204 NO CONTENT response | | | | | Unresolved | Sep 5, 2016 | Sep 5, 2016 | | |
| | Example client and server do not work as indicated in the README | | | | | Fixed | Sep 4, 2016 | Sep 5, 2016 | | |
| | Make MAX_LIFETIME of token configurable | | | | | Fixed | Aug 29, 2016 | Sep 12, 2016 | | |
| | HttpPublicKeyProvider should configure a connectionRequestTimeout as well | | | | | Fixed | Aug 2, 2016 | Oct 6, 2017 | | |
| | Bug: asap-java JWT parsing discards incoming jwtId (jti) and replaces it with random UUID | | | | | Fixed | Aug 1, 2016 | Aug 3, 2016 | | |
| | Decommission the old asap-authentication-java repository | | | | | Fixed | Aug 1, 2016 | Oct 6, 2017 | | |
| | Allow overriding the configuration received from env vars | | | | | Obsolete | Jul 27, 2016 | Nov 25, 2016 | | |