According to Atlassian, JIRA is used for issue tracking and project management by over 25,000 customers in 122 countries around the globe.7 Some of the organizations using JIRA for bug-tracking and project management are Fedora Commons,8 Hibernate,9 Honeywell Aerospace,10[not in citation given] JBoss,11 Linden Lab,12[not in citation given] Skype,13 Spring Framework,14 and The Apache Software Foundation uses JIRA and Bugzilla.15 JIRA includes tools allowing migration from competitor Bugzilla.16
Compared to Bugzilla, JIRA is more internally customisable. Bugzilla has a single, fixed, state machine to represent the lifecycle of a 'bug'. All such bugs are assumed to follow the same fixed pattern of detection, repair and test. All bugs must also have the same lifecycle. JIRA allows this state machine to be changed by its users, and also for different classes of issue to be tracked, each with their own state machine. This makes JIRA far more flexible: it may be used as a more general "issue tracker" rather than solely a bug tracker, tracking new feature requests, system admin tasks, Scrum tasks or any other feature that its users might require. To avoid the overhead of configuring JIRA for each new task type, pre-built configurations such as GreenHopper (now JIRA Agile17) can be bought-in, which provide a pre-configured JIRA environment with tasks and behaviours appropriate for popular management methodologies.18
JIRA is offered in three packages:[citation needed]
JIRA is written in Java and uses the Pico inversion of control container, Apache OFBiz entity engine, and WebWork 1 technology stack. For remote procedure calls (RPC), JIRA supports REST, SOAP, and XML-RPC.19 JIRA integrates with source control programs such as Clearcase, Concurrent Versions System (CVS), Git, Mercurial, Perforce,20 Subversion,21 and Team Foundation Server. It ships with various translations including English, French, German, Japanese, and Spanish.22
The main featues of JIRA for agile software development are the functionality to plan development iterations, the iteration reports and the bug tracking functionality (A JIRA Bug is usually abbreviated to JB).
JIRA is a commercial software product that can be licensed for running on-premises or available as a hosted application. Pricing depends on the maximum number of users.23
Atlassian provides JIRA for free to open source projects meeting certain criteria, and to organizations that are non-academic, non-commercial, non-governmental, non-political, non-profit, and secular. For academic and commercial customers, the full source code is available under a developer source license.23
In April 2010 a cross-site scripting vulnerability in JIRA led to the compromise of two Apache Software Foundation servers. The JIRA password database was compromised. The database contained unsalted password hashes, which are vulnerable to dictionary lookups and cracking tools. Apache advised users to change their passwords.24 Atlassian themselves were also targeted as part of the same attack and admitted that a legacy database with passwords stored in plain text had been compromised.25