Rate this page:
This page includes release notes and updates for Jira Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Jira Service Management Cloud.
Go to our developer community to ask questions. You may also be interested in the What's New blog for Atlassian Cloud where details of major changes that affect all users of the Jira Cloud products are announced.
The following new regions are coming soon as part of Atlassian’s Data Residency solution, and by extension will be available for partners to support for Connect apps:
India (IN)
South Korea (KR)
Brazil (BR)
Japan (JP)
Switzerland (CH)
UK (GB)
You can find instructions on implementing data residency here.
Keep an eye out in the new year for an announcement that the regions are available for apps.
In April 2024, we will delete this template key from JSM’s create project API:
com.atlassian.servicedesk:next-gen-general-service-desk
The key will be deprecated as the corresponding template has been removed from the product. It can no longer be used by our customers to create new projects. Existing projects created using this template will not be impacted.
Going forward, please use one of the other, similar template keys outlined in our documentation, such as:
com.atlassian.servicedesk:next-gen-general-it-service-desk
com.atlassian.servicedesk:next-gen-general-business-service-desk
In April 2024, the template key will be deleted completely and no longer usable by the create project API.
Get attachments for request endpoint now returns attachments within a form on a request. To obtain the necessary attachmentId, call the Get form attachments metadata endpoint. This ID can also be used to call Get attachment content endpoint and Get attachment thumbnail endpoint.
Realm migration is now generally available for apps built on Connect. Partners with Connect apps that store data externally are encouraged to explore realm migration as part of a complete data residency solution for customers.
You can find instructions on implementing Connect data residency here.
Added Canada as supported realm for Connect data residency.
As a reminder, if you indicate support for a realm, it means your app stores the relevant data that is in-scope for your app’s data residency solution (see Atlassian’s documentation on in-scope data for our products here). For more information, please refer to the Connect data residency documentation.
In addition to Canada, Atlassian is exploring making additional data residency regions available in the future. These can be identified on the Atlassian Cloud Roadmap and we will provide similar updates/notice prior to these regions being available.
The issue context Forge module now allows you to use dynamic properties to set a dynamic status value.
This feature was previously available for issue glances, which will get deprecated on Oct 6, 2023.
The create customer request endpoint now accepts attachments within form answers that are supplied when creating a request. To obtain the necessary file identifiers, files must first be attached to the corresponding service desk by calling the attach temporary file endpoint. The returned temporaryAttachmentIds can then be supplied in the form answers.
In October 2023, Atlassian plans to add support for Canada to Connect apps, alongside existing data residency regions available to customers. Once this region is available, we will be updating our data residency supported region keys to include Canada (CA) alongside our existing supported data residency regions. We will provide further updates closer to availability.
As a reminder, if you indicate support for a realm, it means your app stores the relevant data that is in-scope for your app’s data residency solution (see Atlassian’s documentation on in-scope data for our products here). For more information, please refer to the Connect data residency documentation.
In addition to Canada, Atlassian is exploring making additional data residency regions available in the future. These can be identified on the Atlassian Cloud Roadmap and we will provide similar updates/notice prior to these regions being available.
In 6 months, we will enforce limits per issue for the number of:
Comments: 5000 comments per issue
Worklogs: 5000 worklogs per issue
Attachments: 2000 attachments per issue
Issue links: 2000 issue links per issue (excluding child issues and subtasks)
Remote links: 2000 remote issue links per issue
An error response will occur if the limit is exceeded for:
Operations via REST APIs
Automation rules
Issue transitions
If issue data already exceeds the limits, this will be transformed into an attachment within the issue.
Limits on the number of list field Items allowed per issue
Maximum limits per issue | Impacted APIs | Operations will result in an error after the change | Old response | New response |
|---|---|---|---|---|
5000 comments per issue |
|
|
|
message: |
5000 worklogs per issue |
|
|
|
message: |
2000 attachments per issue |
|
|
|
message: |
2000 issue links per issue (excluding child issues and subtasks) |
|
|
|
message: |
2000 remote links per issue |
|
|
|
message: |
The above limits per issue will also apply to site import and JCMA migrations. Instead of an error, issues with field data over the limit will have a transformation rule applied, such that the field data over the limit is converted into attachments on the issue.
Existing issues with field data over the limit will have a transformation rule applied, such that the field data over the limit is converted into attachments on the issue.
Whilst the vast majority of our issues are associated with a reasonable amount of comments, worklogs, attachments, issue links and remote links, there are some issues with extreme data shapes on an issue. These large data sizes can lead to reliability issues and incidents in unpredictable ways.
No changes to your app, automation or workflows are necessary if
you aren’t working with the APIs listed above
you know none of your issues would have fields that are over the limit
If your app/automation/workflows are performing operations that would cause it to exceed limits, you need to handle the new error message appropriately.
If your app/automation/workflows needs to create comments/worklogs/attachments/issue links/remote links in an issue that will cause the limit to be exceeded, consider creating them in another issue.
If your app/automation/workflows needs to update comments/worklogs/attachments/issue links/remote links in an issue that is already exceeding limit for that field, consider moving items to another issue before attempting the update.
Th deprecation period is 6 months.
As per Understanding JWT for Connect apps and our previous deprecation notice, the Jira and Confluence APIs now only allow Connect apps to provide authentication JWTs as an Authorization: JWT header in requests. the Atlassian Jira and Confluence APIs will no longer inspect the ?jwt= query string parameter and requests for all apps, and consequently may fail with a HTTP 401 response.
Please utilise the JWT auth header as a means to authenticate as outlined in: https://developer.atlassian.com/cloud/jira/platform/understanding-jwt-for-connect-apps/#creating-a-jwt-token
This change does not affect how Jira or Confluence provides the Atlassian product JWTs to Connect app modules/iframes.
Please note: This removal will progressive rollout by tenants, increasing to 100% by the 15th September, 2023
Accepting sensitive JWTs as a query string parameter presents a problem as the query string is often saved in web browser history, passed through Referers to other web sites, stored in web logs such as intermediate proxy servers.
If your app provides its Connect JWT to the Atlassian APIs as a query string parameter, you must update it to pass the JWT via an Authorization: JWT header.
The Connect lifecycle HTTP request payload for both Jira and Jira Service Management (JSM) now contains two new fields for apps installed on sites participating in the custom domains beta. These reflect any custom domains configured for each product:
displayUrl: The custom domain for Jira;
displayUrlServicedeskHelpCenter: The custom domain for JSM.
The updated payload:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"key": "my-app",
"clientKey": "redacted",
"publicKey": "redacted",
"sharedSecret": "redacted",
"serverVersion": "100234",
"pluginsVersion": "1001.0.0-SNAPSHOT",
"baseUrl": "https://my-service-desk.jira-dev.com",
"displayUrl": "https://stg-test-22aug-1239.jira.staypositive.au",
"productType": "jira",
"description": "Atlassian JIRA at https://my-service-desk.jira-dev.com",
"eventType": "installed",
"cloudId": "f3fa27a2-189a-4ea5-a06c-374567baf7d5",
"displayUrlServicedeskHelpCenter": "https://stg-test-22aug-1352.jsm.staypositive.au"
}If no custom domains have been added to the Jira or JSM, then the value of these fields will fallback to baseUrl, which is the default site URL.
Please note that API requests from your App should always use the baseUrl. The displayUrl and displayUrlServicedeskHelpCenter properties should only be used when displaying or rendering URLs.
We have begun using 4 new security scanners for Connect security requirements on the Atlassian Marketplace. The new scanners will be used to check your Connect apps for:
Signed Install Authentication (Req 1.4)
Authorization (Req 1.2)
Input Validation (Cross-Site Scripting) (Req 8)
Insecure Storage of Secrets (Req 5)
See our announcement for new scans enabled on Connect apps: https://atlassianpartners.atlassian.net/l/cp/Xki0k1Pp
As always, we will notify you of any apps that are found to be missing security requirements via the Atlassian Marketplace Security Jira Project. As a reminder, all apps are subject to the Security Bug Fix Policy for Marketplace apps and must respond to reports of missing security requests in a timely manner.
If you’d like to check your apps yourself, or scan any new apps before listing them on the Marketplace, you can use open sourced versions of these new scanners using the documentation at CSRT and Connect Vulnerability Scanner repositories.
We’ve introduced a limit of 60 files on some of our file upload endpoints. This only applies to files uploaded in a single request, so if you wish to upload more than 60 files at once, you can call the endpoint multiple times. This affects the following endpoints:
Prepare for Atlassian’s latest Connect app security scanners with new open source scanners for Signed-install AuthN, AuthZ, Input validation(XSS), and Insecure storage of secrets.
Atlassian regularly releases new cloud app security requirements and scanners to increase the baseline of security across all cloud apps and protect our shared customers from security risks.
Don’t get caught missing a requirement! Prepare for Atlassian’s latest Connect app security scanners with new open sourced scanners for Signed-install AuthN, AuthZ, Input validation(XSS), and Insecure storage of secrets.
Should we find a missing requirement, we will notify you via the Atlassian Marketplace Security Jira Project. As a reminder, all apps are subject to the Security Bug Fix Policy for Marketplace apps and must respond to reports of missing security requests in a timely manner.
Marketplace Partners with access to the Partner Portal can find the new scanners and more information here in the Partner Portal.