In order to ensure our ability to authenticate and authorize all requests, Tempo has deprecated the Servlet API for all of its cloud products and will decommission it on April 1, 2020. Currently, the Servlet API does not authenticate against actual users, making it possible for users to use tokens with whitelisted IP addresses to access others’ private data. Moving away from the Servlet API will allow us to ensure that all requests come directly from actual users and not from malignant parties. Decommissioning the Servlet API will also ensure that we continue to comply with Atlassian’s security requirements for cloud applications. https://developer.atlassian.com/platform/marketplace/security-requirements/
In place of the Servlet API, Tempo will use its public REST API to replace the following functionalities:
|Servlet API||REST API|
Storing external details on the worklog will be removed.
If you are not the administrator of Tempo Timesheets or Tempo Planner, please ensure your Tempo administrator is made aware of this change as soon as possible.
The goal in announcing this now is to give you time to prepare for these changes. We also welcome your feedback as to how these changes might impact your accounts so that we can make adjustments as needed.