The UI modifications (UIM) module now supports new fields on the following views:

• Parent

• Components

• Reporter

• User picker

• Multi user picker

• Parent

The complete list of supported fields for the issue view is available here.

We have now fixed the incorrect scope check requests with a trailing forward slash.

Assume there is a scenario where a request is made to an endpoint https://api.atlassian.com/some/path/. Scope checking may find a valid scope for path /some/path/** and pass the scope check. Once the request reaches the backend service, if the service does not have a path with a trailing slash, it may remove it and invoke the parent endpoint https://api.atlassian.com/some/path which may not have the same scope requirements.

With this fix, scope checking will ignore the trailing slash when matching scopes to the path.

This means that a request to https://api.atlassian.com/some/path/ and https://api.atlassian.com/some/path will be treated the same with respect to scope checking.

We are announcing the deprecation of two Jira Web Panel (webPanels) module locations within Forge or Connect applications. The affected locations are:

• atl.jira.view.issue.left.context: For web panels that appear in the content section on the left. We advise transitioning to the Issue Context module for similar functionality.

• atl.jira.view.issue.right.context: For web panels that are displayed in the context section on the right, resembling a glance panel. We recommend migrating to the Issue Context module for these needs.

This change means that if your Forge or Connect app currently utilizes these two Jira Web Panel (webPanels) module locations, it is essential to migrate to the issueContext module. Detailed guidance on adopting the new Issue Context API is available in our documentation.

The progressive rollout of data security policy events has been completed. Data security policy events are generated when installed apps' access to certain data within Confluence, Jira, Jira Service Management, or Jira Software has been blocked by an administrative policy with an App access rule. You can now subscribe to these events.

Being a new capability however, we are scaling up our processing of these data security policy events over the next few months. In the meantime we have set a upper limit of 50,000 objects. This means that if a customer activates or updates a data security policy that affects more than 50,000 objects, you will receive the first 50k objects in the events and the rest would be omitted.

We intend to raise these limits and will advise once we have reached our final threshold— and have determined our final hard limits.

Currently, in company-managed projects, JQL searches with hidden fields (either by custom field context or field configuration) won’t return any results. In team-managed projects, all fields are searchable and appear in search results.

To improve search performance, we’re changing the search of company-managed projects to match that of team-managed projects: in both project types, all fields will appear in search results whether they’re hidden or not. This means that when you use a JQL search with a hidden field in company-managed projects, issues with that hidden field will now show up (when they previously wouldn’t).

This change only affects about 2% of all searches, but depending on how you use JQL, some of your filters in company-managed projects may return different results.

Be specific about the project and/or issue type you want to see - or hide - in the JQL search results.

For example, if fixVersion is hidden for issue type = "Story" and you want to exclude it from search results, use issue type != "Story" to get focused results.

If you’re not specific, any hidden fields will be included in the search results.

We’re launching this by the end of September 2024.

In the past, dashboard background scripts were rendered only if at least one dashboard gadget from the same app was present on the dashboard. This behavior has changed. Now, dashboard background scripts are always rendered.

As of this week, some Cloud customers will be able to set up and enable app access rules under data security policies. The feature will be slowly rolled out to customers over the coming week.

Customer outreach for this feature will be high-touch at first to give Marketplace Partners more time to update apps, but we plan to do a larger announcement toward the middle of 2024 (calendar year). You can read more about the rollout plan here.

We highly recommend testing out the feature and considering adjusting your app to warn users when it’s impacted by an app access rule.

Prepare for this change by reading more about the app access rule API here for Jira and here for Confluence.

Endpoints and scopes have been added for Confluence Smart Links in the content tree and Databases. For further information about these updates, reference the Atlassian Developer Documentation for OAuth and Forge scopes as well as Confluence Cloud REST API v2.

Three new scopes have been added for each: read, write, and delete. These additions will support the implementation of Smart Links and Databases in Forge applications.

Creation, retrieval, and deletion of Smart Links in the content tree and Databases have been added for v2 REST APIs. Creation, retrieval, modification, and deletion of properties as well as retrieval of operations and ancestors is supported via these added APIs.

We have started the rollout of data residency for Forge hosted storage, where data will be moving to the same location as the host product. To ensure a smooth rollout, we will be rolling out the feature to customers gradually over the next month.

Once the rollout is complete, Forge hosted storage data will be stored in the same location as the host product for all new and existing Forge apps, for all current and future Atlassian-supported locations. We will let you know when the rollout is complete.

Action Required
Last month, we outlined some actions required to prepare for this rollout (see changelog for more information). If you haven’t done so yet, we recommend:

1. redeploying any app that uses Forge-hosted storage

2. updating the manifest for any apps that use remotes or external permissions (for details about how to do this, see our documentation).

At the end of the staged rollout, we also recommend updating the Privacy & Security tab for any app that exclusively uses Forge hosted storage for in-scope End User Data, to indicate that your app supports data residency. You should also define in your app documentation what data is in-scope and out-of-scope. This way you can let customers know about your app’s support for data residency. We will let you know when to make this update.

We’re updating the deletion of issue field options used in issues for consistency across the Issue field options and Issue field options (apps) endpoints. We recommended that you utilize the new replace issue field option service.

In the coming 2 weeks, all Cloud customers will be able to set up and enable app access rules under data security policies. Customer outreach for this feature will be high-touch at first to give partners more time to update apps.

Many app components will display proactive warnings letting customers know that the app has been blocked by their admin. However, if an app relies on data from restricted spaces or projects, user experience may be impacted in other spaces where the app is not blocked. This may confuse end users or present them with incorrect data if the app is not adjusted to account for the impacts of app blocking.

For this reason, we highly recommend testing out the feature and considering adjusting your app to warn users when it’s impacted by an app access rule.

Prepare for this change by reading more about the app access rule API here for Jira and here for Confluence.

What was the issue?
Before Dec, 2023, when a partner published a new app version for a paid connect app, the app upgrade flow ran for all installed apps, without checking for active licenses.

As a result, partners saw failed /installed events for app upgrades for the connect apps that were unsubscribed but not uninstalled from the customer instance.
Tickets related to the issue: JAC Ticket, ECOHELP Ticket

What did we change?

At the time, we fixed this bug by:

• Introducing checks and allowing only apps with active licenses to be auto-upgraded to new version.

• In case of inactive licenses, when the customer resubscribes to the app and license becomes active, the auto upgrade works as usual.

Why are we reverting the change?
This change stopped partners from pushing security fixes among other updates to the unlicensed paid connect apps. To solve this, we would be rolling back the changes. This would be done in a phased manner rolling back 20% each day, until March 23.

By March 23, 2024, changes will be rolled back from all the customer instances.

What’s the impact of the reversion?
Reverting the changes will mean the auto upgrades run smoothly for all the apps including the ones with inactive licenses. Unfortunately, this takes us to the previous state which led to partners receiving failed /installed events for unlicensed paid connect apps.

Following the deprecation notice, we’ve deprecated jiraIssueGlances and jira:issueGlance as we have replaced with issueContext module.

The team field has an attribute called isVisible, which is used to indicate whether the field is active and visible to the user. It was not set to false for deleted teams, which has now been fixed.

To further improve Plans for Jira Software Cloud, team-managed projects will no longer restrict parent association for hierarchies above epic to the same project. The restriction on lower hierarchy levels (epic to stories and stories to subtasks) remains unchanged.