New Features

  • Audit logging of configuration changes
  • OpenPGP Encryption for tokens created on behalf
  • Tags/ Notes for IP address restrictions


  • Users who can't create their own tokens but can use tokens can now see a list of their tokens, i.e. to see expiration dates or other details
  • The list of tokens now shows an expiration warning if a token expires within the next 14 days
  • Changed texts in the permission settings so that it's more clear what the on-behalf permission implies


  • Updated internal and 3rd party libraries
  • Improved text of a few element descriptions in the UI


  • fixed a bug that caused UI not to load if the user logged in has no e-mail address set
  • hardened app against username enumeration
    • removed mentions of usernames in responses that led to 401 - Unauthenticated
    • for troubleshooting purposes, admins can still look up details of authentication failures in the log files
  • Updated internal and 3rd party libraries


  • further hardening against username enumeration
    • in addition to the changes in version 2.0.2, the error message in a 401 response is now identical to the one Atlassian sends: "Basic Authentication Failure - Reason : AUTHENTICATED_FAILED"


  • no public release


  • 3rd party and internal library updates