Make sure you update to S/Notify 4.1

We would like to note that we have updated the Bouncy Castle crypto library in S/Notify 4.1, and that this version of the library fixes flaws that may lead to high CPU usage or even a DoS (Denial of Service) under certain circumstances. The following CVEs have been addressed and may be relevant for its use within S/Notify:

Note that especially CVE-2024-30172 could be used for DoS (Denial of Service) attack. This is particularly true if you allow user uploads or, in Jira, the extraction and use of certificates or keys from incoming email.

Therefore, we recommend all customers to plan a short-term update to S/Notify for Jira 4.1, S/Notify for Confluence 4.1 and/or S/Notify for Bitbucket 2.1 if they haven't already.

S/Notify 4.1 released

Our new release of S/Notify Email Encryption brings you useful improvements and new features

We are delighted to announce the release of S/Notify Email Encryption 4.1.0 for Jira, S/Notify Email Encryption for Confluence 4.1.0, as well as S/Notify Email Encryption for Bitbucket 2.1.0. This update introduces numerous improvements, along with new features, to ensure your confidential data remains protected and your communication workflows are more streamlined than ever before.

Here's what this update brings you:

Improvements

New Features

We also fixed a couple of smaller bugs, most notably are probably those with regard to S/MIME Validation:

Accessibility

We fixed some issues and made some enhancements that you won't see, but are key to better accessibility for visually impaired users. We also published our first Accessibility Compliance Report (ACR), sometimes also referred to VPAT, for S/Notify for Jira and Jira Service Management. You can download the ACR from here.

Thank you for your continued trust in S/Notify. We are excited to embark on this journey of enhanced email security together.