Skip to content

v0.9.2

Choose a tag to compare

@github-actions github-actions released this 07 Jul 13:58
Immutable release. Only release title and notes can be modified.
v0.9.2
f79321e

✨ Added

  • The JSON envelope now carries Jira's own trace id: the Atl-Traceid / X-ARequestId response header is captured as meta.upstream_request_id and on each error entry, so a Jira-side failure can be quoted directly to Atlassian support. The existing meta.request_id is generated locally and has no server-side meaning.

🪲 Fixed

  • Human output now strips ANSI escape and control bytes from Jira-controlled text (summaries, descriptions, error messages), so a crafted issue or error can no longer inject color codes or corrupt your terminal.
  • jira agent schema now binds the comment input schema to the comment add/comment edit leaves (they previously reported no input schema) and publishes output schemas for the read/list commands — comment, attachment, link, worklog, transition, boards, and cache — so agents can discover response shapes without trial calls.
  • issue attachment download --to is now confined to the working directory: a .. traversal or an absolute path outside it is rejected before any HTTP call, so an agent (or a crafted instruction) can no longer write downloads outside the tree it was launched in. A new security_posture section in jira agent guide documents the threat model.

📜 Commits

  • f58f060 fix(cli): sanitize Jira-controlled text in human terminal output
  • aca151c fix(schema): bind comment input schema to leaves and fill sparse output schemas
  • 1bb41ce fix(cli): confine attachment download paths to the working directory
  • 01adc7b feat(cli): capture Jira upstream trace id in envelope meta and errors

Full Changelog: v0.9.1...v0.9.2