This page includes release notes and updates for Jira Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Jira Cloud Platform.
For updates about changes to the Forge platform, see the Forge changelog in the Forge documentation.
Go to our developer community to ask questions. You may also be interested in the What's New blog for Atlassian Cloud where details of major changes that affect all users of the Jira Cloud products are announced.
We have started the rollout of data residency for Forge hosted storage, where data will be moving to the same location as the host product. To ensure a smooth rollout, we will be rolling out the feature to customers gradually over the next month.
Once the rollout is complete, Forge hosted storage data will be stored in the same location as the host product for all new and existing Forge apps, for all current and future Atlassian-supported locations. We will let you know when the rollout is complete.
Action Required
Last month, we outlined some actions required to prepare for this rollout (see changelog for more information). If you haven’t done so yet, we recommend:
redeploying any app that uses Forge-hosted storage
updating the manifest for any apps that use remotes or external permissions (for details about how to do this, see our documentation).
At the end of the staged rollout, we also recommend updating the Privacy & Security tab for any app that exclusively uses Forge hosted storage for in-scope End User Data, to indicate that your app supports data residency. You should also define in your app documentation what data is in-scope and out-of-scope. This way you can let customers know about your app’s support for data residency. We will let you know when to make this update.
Data residency for Forge-hosted storage is the latest milestone on our shared mission to offer enterprise-ready apps to customers in the cloud. With data residency available for Forge-hosted storage, meeting a key customer trust requirement will be easier than ever.
It’s important to note that, as we shared last November, when data residency reaches beta for Forge-hosted storage, app data stored in Forge-hosted storage will automatically inherit data residency in all current and future regions supported by the host product. This will not be reversible.
We’re updating the deletion of issue field options used in issues for consistency across the Issue field options and Issue field options (apps) endpoints. We recommended that you utilize the new replace issue field option service.
We're updating the DELETE issue field option REST operation, which will return a 409 Conflict
status when you remove an option that is used by issues.
Additionally, we’re introducing a new endpoint to simplify the transition by allowing options to be replaced. This new feature is similar to the existing Replace issue field option (apps) function.
To improve the consistency of the deletion process across Jira. With this change, we aim to enhance developer experience and enable enhancements on our platform infrastructure.
We recommend that you use the new replace issue field option service. You can use this service to update any issues associated with a specific issue field option before its deletion. This avoids potential 409 Conflict
errors when calling the DELETE issue field option REST operation.
Additionally, leveraging Search for issues using JQL (GET) can help identify any instances where an issue field option is used prior to its removal.
In the coming 2 weeks, all Cloud customers will be able to set up and enable app access rules under data security policies. Customer outreach for this feature will be high-touch at first to give partners more time to update apps.
Many app components will display proactive warnings letting customers know that the app has been blocked by their admin. However, if an app relies on data from restricted spaces or projects, user experience may be impacted in other spaces where the app is not blocked. This may confuse end users or present them with incorrect data if the app is not adjusted to account for the impacts of app blocking.
For this reason, we highly recommend testing out the feature and considering adjusting your app to warn users when it’s impacted by an app access rule.
Prepare for this change by reading more about the app access rule API here for Jira and here for Confluence.
Data security policies help customers keep their organization’s data secure by letting them govern how users, apps, and people outside of their organization can interact with content such as Confluence pages and Jira issues.
The new app access rule under data security policies allows customers to restrict app access to the content in Confluence spaces or Jira projects under a given policy. In this way, customers can benefit from apps while still limiting 3rd-party access to certain content in select spaces.
What was the issue?
Before Dec, 2023, when a partner published a new app version for a paid connect app, the app upgrade flow ran for all installed apps, without checking for active licenses.
As a result, partners saw failed /installed
events for app upgrades for the connect apps that were unsubscribed but not uninstalled from the customer instance.
Tickets related to the issue: JAC Ticket, ECOHELP Ticket
What did we change?
At the time, we fixed this bug by:
Introducing checks and allowing only apps with active licenses to be auto-upgraded to new version.
In case of inactive licenses, when the customer resubscribes to the app and license becomes active, the auto upgrade works as usual.
Why are we reverting the change?
This change stopped partners from pushing security fixes among other updates to the unlicensed paid connect apps. To solve this, we would be rolling back the changes. This would be done in a phased manner rolling back 20% each day, until March 23.
By March 23, 2024, changes will be rolled back from all the customer instances.
What’s the impact of the reversion?
Reverting the changes will mean the auto upgrades run smoothly for all the apps including the ones with inactive licenses. Unfortunately, this takes us to the previous state which led to partners receiving failed /installed
events for unlicensed paid connect apps.
Following the deprecation notice, we’ve deprecated jiraIssueGlances
and jira:issueGlance
as we have replaced with issueContext
module.
The team field has an attribute called isVisible
, which is used to indicate whether the field is active and visible to the user. It was not set to false
for deleted teams, which has now been fixed.
There were two team field types: one for Advanced Roadmaps and one for the team entity used across Atlassian products.
Since March 2023, we have been consolidating these into one type, migrating Advanced Roadmap teams into Atlassian teams.
The two team fields handled deleted teams differently in the Jira Issue API. The Advanced Roadmaps team field returned null
, and the Atlassian team field returned an object, to distinguish it from an empty field value.
This is an example JSON response of a deleted team:
1
2
3
4
5
6
7
8
"customfield_10001": {
"id": "f30a43cb-6bcf-4b48-85d6-122ef1c71851-1",
"name": "",
"avatarUrl": "",
"isVisible": false,
"title": "",
"isShared": true
}
Note that the name
and title
attributes have been set to empty string, to that user generated content is not exposed for something which has been deleted.
This progressive rollout announced earlier has started as of 13th March 2024. It only applies to Premium and Enterprise instances of Jira Software Cloud.
To further improve Plans for Jira Software Cloud, team-managed projects will no longer restrict parent association for hierarchies above epic to the same project. The restriction on lower hierarchy levels (epic to stories and stories to subtasks) remains unchanged.
This is a behavioral change on APIs that write and read parent issue associations. As a result, parent issues of epics in team-managed projects can now be from other projects.
When we roll out this change, it will then become possible to set the parent issue of an epic in a team-manager project to be an initiative issue of a company-managed project. See the below diagram for more details.
To improve the speed and reliability of the labels API endpoints, we will be changing the permissions checked when querying issue labels in Jira Cloud.
Currently, the querying process, whether it's done via label field suggestions on issues/JQL search or through the use of 'get all labels' APIs (rest/api/2/label or rest/api/3/label), is too slow and unreliable for many customers. With this change, Jira Cloud will only validate site access and project access permissions when retrieving labels.
Deprecation Period: 6 months
Release Date: Sep 9, 2024
In the past, our system performed an exhaustive permission check when retrieving labels in Jira Cloud. Each label was checked to see if it was linked to any issues that the requesting user didn't have access to. If this was the case, the label would be removed from the results. As this check was done for each label and for every issue across the site, this process was extremely expensive, leading to significant slowdowns and reliability problems.
With this change, Jira Cloud will only validate site access and project access permissions when retrieving labels. The system will not apply any issue security level permissions check during label retrieval.
If a user is granted the BROWSE_PROJECTS
permission, they will have access to all labels within that project. This encompasses special permission grants, such as those granted through reporter
and assignee
system fields, as well as user
and group
custom fields.
Jira now features a new issue ID search API, which allows you to use JQL to search specifically for issue IDs. While this API only returns issue IDs, it is up to 20 times faster than the JQL search endpoints.
The Filters API now features a new approximateLastUsed
field to the response payload. This new field returns information about when a search filter was last evaluated.
The approximateLastUsed
field lets you make more informed decisions about when to synchronize your search filters, and reduce unnecessary requests for filters that are infrequently accessed. It also enables Jira admins to find and clean up unused filters.
Starting at the end of March 2024, all Cloud customers will be able to set up and enable app access rules for Jira and Confluence under data security policies. This change will give customers an important new control to protect data while benefiting from Marketplace apps.
Customer outreach for this feature will be high-touch at first to give partners more time to update apps.
Many app components will display proactive warnings letting customers know that the app has been blocked by their admin. However, if an app relies on data from restricted spaces or projects, user experience may be impacted in other spaces (ex: search features or workspace modules) where the app is not blocked. This may confuse end users or present them with incorrect data if the app is not adjusted to account for the impacts of app blocking.
For this reason, we highly recommend testing out the feature and adjusting your app if necessary to warn users when it’s impacted by an app access rule.
Prepare for this change by reading more about how applying an app access rule to your app affects the behaviour of product REST APIs it calls here for Jira and here for Confluence.
Data security policies help customers keep their organization’s data secure by letting them govern how users, apps, and people outside of their organization can interact with content such as Confluence pages and Jira issues.
The new app access rule under data security policies allows customers to restrict app access to the content in Confluence spaces or Jira projects under a given policy. In this way, customers can benefit from apps while still limiting 3rd-party access to certain content in select spaces.
The UI modifications (UIM) module now supports the date time picker custom field in two new locations: global issue create and issue view.
As part of our preview release of Forge UI Kit 2, we're releasing a new major version of @forge/react
with 37 updated components.
From version 10 onwards, existing component APIs are now updated, and a range of new components are now supported in UI Kit 2. For more details, see our documentation here.
The new version is supported within the following products:
Confluence
Jira
Bitbucket
Compass
Updating to the latest version may contain breaking changes for existing UI Kit 2 apps, as all existing component APIs have been updated. The breaking changes are only applicable if you choose to upgrade your UI Kit 2 apps.
Our component documentation contains more details on the props each component will now take.
To update your UI Kit 2 app to the latest version, in the terminal from your project directory, run the following command:
npm install --save @forge/react@latest
If you’re still using older versions of UI kit, such as the previous version of UI Kit 2 (@forge/react version 9) and UI Kit 1, you can find their corresponding documentation here.
This week we have started the progressive rollout of data security policy events generated when an app's access to certain data within Confluence, Jira Cloud, Jira Service Management, or Jira Software has been blocked by an App access rule. These events are available to subscribe to today, for App Access Rule EAP participants.
Being a new capability however, we are scaling up our processing of these events over the next few weeks. Initially only a sample of events will be sent and we will be increasing the sample progressively, aiming for 100% of events (with an upper cap) by the time the feature reaches General Availability at the end of March or early April.
Note that not all apps registering a webhook for these events will necessarily receive a sample of events, but most will.
Over the next month we will be raising these limits and will share details here once we have reached our GA threshold - and what our final hard limits are.
In the upcoming quarter we plan to update our Connect data residency service to support realm persistence.
Realm persistence allows partners to save time and avoid negative customer experience by helping to ensure that customer app pinning does not move between realms upon reinstallation. With realm persistence, app pinning will only move when the app is reinstalled outside of a defined duration or when otherwise requested to move by the customer through the realm migration service.
If you are waiting to implement data residency for your Connect app due to realm persistence concerns. Keep an eye out here in the change log for updates in the coming weeks.
Today, apps built on Connect can support both realm pinning and realm migration to help customers keep their data in a region they trust.
Rate this page: