Security & Trust

🛡️ Midori is now SOC 2 compliant! Learn more →

Midori is a long-standing member of the Atlassian Ecosystem

Midori was officially established in 2012, but we built our first apps in 2005, years before the Atlassian Marketplace was born. We have been a dedicated and active Marketplace Partner in the Atlassian Ecosystem ever since it was created. Today, more than 10,000 companies (many of them Fortune 500 members) rely on our products and support services every day.

🛡️ We take software security seriously

When it comes to software security, we adhere to industry standards and participate in all Atlassian security programs. We review our security practices periodically to prevent incidents and maintain outstanding service reliability.

On this page we collected the relevant resources you need during a vendor assessment research. Learn more about the security programs we participate in, where to find the License Agreement and privacy disclaimer, and how to get in touch with us when you need support.

🥇 Our compliance certifications and standards
Logo of SOC 2 standard Logo of GDPR regulation

We have obtained the SOC 2 audit report and GDPR compliance, affirming our safeguarding of customer data within data centers, information systems and software development practices.

Visit our public Vanta Trust Center. Download our internal policy documents and reports to support your assessment process. Review our security controls. Review the subprocessors that process our customer data.

Key resources for vendor assessment

Security Programs

Midori participates in all Atlassian security programs. For our cloud apps this earns the highest security classification of Cloud Fortified!

Security program details →

Midori EULA

The Midori End User License Agreement clarifies our commitment to you and the terms you are agreeing to when you choose a Midori product. While it contains the mandatory legal language, it's a fair and concise document free of unnecessary strings and fine prints.

Midori EULA →

Midori Privacy Policy

Refer to the Privacy Policy to review our data handling practices. It explains that we only collect and store the data that's necessary to provide the desired services to you. Review our Data Processing Agreement (DPA) that governs the conditions under which your data is shared with us.

Midori Privacy Policy →

Responsive Technical Support

If something goes wrong or you just have questions, you can easily reach us.

Review our Customer Support Service Level Agreement and how we manage technical support.

🗨️ Midori support desk →

Security Programs

Midori is adhering to all Atlassian-mandated security requirements.
Our cloud apps are awarded the Cloud Fortified classification for successful participation in all these.

Security Program Description
CAIQ Lite Questionnaire The CAIQ Lite Questionnaire is a standard cloud security assessment, approved by the Cloud Security Alliance (CSA). Midori has completed the CAIQ Lite Questionnaire and made it available for you to use it in your vendor assessment process.
Midori CAIQ Lite Questionnaire (Excel spreadsheet)
Ecoscanner Ecoscanner is Atlassian’s platform to perform security checks against all Atlassian Marketplace cloud apps on an ongoing basis. Midori cloud apps are continuously monitored by Ecoscanner. This process brings possible vulnerabilities to light very early so we can address them before they cause any damage.
Vulnerability Disclosure Program The Vulnerability Disclosure Program is a reporting platform run by Atlassian, providing a safe and effective way for Atlassian, customers and security researchers to report vulnerabilities. Midori cloud apps are participating in this program.
Cloud App Security Requirements Cloud App Security Requirements are a set of mandatory requirements Atlassian defined for all Marketplace Partners. Atlassian audits Marketplace Partners against these requirements yearly to ensure they adhere at all times. Midori fulfills these security requirements and passes the audit successfully every year.
Security Bug Fix Policy The Security Bug Fix Policy defines specific Security Bug Fix SLAs that all Marketplace Partners are expected to meet. This is to ensure cloud app vulnerabilities are addressed promptly and eventually fixed. Midori adheres to these SLAs.
Marketplace Bug Bounty Program The Marketplace Bug Bounty Program is a collaboration between Atlassian, app developers and security partners to help Marketplace Partners discover and neutralize vulnerabilities. All Midori cloud apps participate in this program where independent security researchers are incentivized to find and report vulnerabilities before those can cause harm.
Security Self-Assessment Program The Security Self-Assessment Program is a review process by Atlassian where Atlassian works with Marketplace partners to pinpoint vulnerabilities and identify improvements. Midori completes an annual security assessment that Atlassian reviews and approves.

Our CTO says...

"We consider security aspects from product design to service delivery. Our everyday security practices are based on industry recommendations and are underpinned by Atlassians security frameworks. A strong security footing allows us to build for the long-term and deliver reliable apps for our customers."

"If you are a Midori customer, you can trust our support engineers to respond quickly when you need help. I invite you to continue browsing through our security programs, security partners and reach out to us if you have questions."

Gabor Nagy, Midori Chief Technology Officer

Security Partners

Midori works with the industry-leading security, privacy and compliance experts.

Logo of AWS, a Midori security partner Logo of Bugcrowd, a Midori security partner Logo of Cloud Security Alliance, a Midori security partner Logo of OWASP, a Midori security partner Logo of Snyk, a Midori security partner Logo of Vanta, a Midori security partner Logo of Whistic, a Midori security partner

Recent Security Updates

Excerpts from recent Midori app release notes with the security-focused improvements highlighted.

Release Security Update
Better Commit Policy for Jira Data Center 6.4.0 → The internal version of the following dependency was updated:
  1. Apache Commons Collections
Better Excel Exporter for Jira Data Center 8.4.0 → The internal version of the following dependency was updated:
  1. Google Guava
Better PDF Exporter for Jira Data Center 11.2.0 → The internal versions of the following dependencies were updated:
  1. Apache Batik
  2. Apache FOP
  3. Google Guava
Midori Platform (cloud apps and internal processes) Midori received the SOC 2 compliance report.
Learn more in our Vanta Trust Center.
Better PDF Exporter for Jira Data Center 11.0.0 → Vulnerability fixes: The internal versions of the following dependencies were updated:
  1. Apache Batik
  2. Apache FOP
  3. Apache Groovy
  4. Apache XML Graphics
Better Excel Exporter for Jira Data Center 8.3.0 → The internal versions of the following dependencies were updated:
  1. Apache Groovy
  2. Apache POI
  3. Apache XMLBeans
Better Content Archiving for Confluence Data Center 9.1.0 → The internal versions of the following dependencies were updated:
  1. Moment.js
Better Commit Policy for Jira Data Center 6.2.0 → The internal version of the following dependency was updated:
  1. Apache Commons Compress
Better Excel Exporter for Jira Cloud 4.0.0 →

Better PDF Exporter for Jira Cloud 4.0.0 → 		These major versions improve software security with an improved sandbox implementation.
Without going into details, the enhanced sandbox implementation restricts the environment in which Excel and PDF templates and Groovy scripts are rendered and executed with additional controls. It results in even better isolation between exports and even tighter control over resource access.
Better Excel Exporter for Jira Cloud 3.3.0 →

Better PDF Exporter for Jira Cloud 3.3.0 → 		The Midori exporter apps for Jira Cloud have been certified as Cloud Fortified apps by Atlassian.
Cloud Fortified is a classification to highlight enterprise-ready cloud apps with the advanced level of security, reliability, and support. In order to achieve this classification, the apps participate in all Atlassian-mandated security programs.
Better PDF Exporter for Jira Cloud 2.2.0 → This release fixes all vulnerabilities discovered by our crowdsourced security program.
It also adds compatibility with the context JWT changes Atlassian introduced for Atlassian Connect apps.
Better PDF Exporter for Jira Data Center 9.4.0 → This version adds support for clickjacking protection.
In earlier Jira versions, the exported PDF documents were downloaded and opened by the browser's PDF viewer extension immediately without any further user interaction. In Jira 8.16.0, Atlassian changed the use of security headers to prevent clickjacking which also affects this behavior. Now, the PDF documents are downloaded by the browser, but not opened automatically.
Better PDF Exporter for Jira Cloud 1.7.0 → This release adds an improvement to avoid XSS type attacks.
The Description field of views and templates accepts a limited set of HTML elements that helps avoiding XSS.
⛅ Still on Server? Planning the migration to Cloud?

Migrating Midori apps to the cloud is a simple and lightweight process. Check our migration guide for Better Excel Exporter and for Better PDF Exporter.

Looking for experts to assist your cloud migration or anything else with the Midori apps? Check out the trusted Midori Solution Partners.