Ryan Saul April 24, 2013 • Q&A / General Q&A
We here at Jama Support value customer service above everything else. Our goal is to solve your problems and answer your questions as best we can. We strive to answer every question as quickly as possible through our ticket system or on our forums. If your problem needs attention immediately, don't hesitate to call! Please see our numbers and business hours for your area on the right.
Kristina King Oct 20 • Technical Guides / Maintenance
Jama Software takes the security of its customers seriously. As a result, Jama has taken steps to protect against a new SSL vulnerability code named POODLE (Padding Oracle On Downgraded Legacy Encryption). Support has been disabled for SSL V3 on all servers. Testing shows that this should not affect existing customers, since all browsers supported by our application can use the newer TLS encryption standards.
What makes this vulnerability unique is that it allows attackers to force connections with secure websites to use a vulnerable version of SSL, which could allow attackers to see encrypted data. This vulnerability affects only SSL V3, which is an older encryption standard that has been around since 1996 and was superseded by TLS 1.0 in 1999. Most servers and applications still support SSL V3 for backward compatibility with older applications.
Jama’s systems will continue to support newer versions of TLS 1.0, 1.1, and 1.2. While we do not believe any customers will be affected by this change, we recommend that API customers verify use of a version of JRE 1.4 or higher that supports TLS. Customers using our SOAP API should also verify that their libraries have TLS support. Finally, anyone using IE 6 or older should upgrade to a newer browser.
If you have any questions or concerns about our response to this vulnerability, please open a support ticket.
Kristina King May 14 • 3 • Technical Guides / Installation
There used to be a driver for MS SQL included as part of the Jama on-premise download. Why is that no longer included, and is that driver still required?
In past releases we bundled a recommended driver need to use a MS SQL database as part of the Jama download. Going forward we are no longer bundling this driver, as there are other versions of this driver available and the alternatives may be better suited for your environment. A driver is still required for customers using a MS SQL database for their Jama installation.
In place of including a single driver option, we will publish information regarding our recommended driver(s). Your administrator may then select the best option for your tool ecosystem. You can find the installation guide here.
Kristina King Apr 15 • Technical Guides / Maintenance
By now you may be aware that on April 7th a major security vulnerability was discovered with OpenSSL, a technology that enables encryption across much of the Internet. The issue is commonly known as the “Heartbleed Bug.”
We want to assure you that our team took immediate action to patch our hosted environment to protect your account from this vulnerability.
As an added precaution we are advising all Jama users update their password. If you use SSO (single sign-on) to log into Jama with LDAP, Active Directory or Crowd, we advise you to change your external password.
If you have any additional questions please open a support ticket.
The Jama Team