Rate this page:
This page includes release notes and updates for Jira Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Jira Service Management Cloud.
Go to our developer community to ask questions. You may also be interested in the What's New blog for Atlassian Cloud where details of major changes that affect all users of the Jira Cloud products are announced.
We’ve introduced a new optional query parameter strictConflictStatusCode for the Create Customer REST API in Jira Service Management Cloud. The parameter allows you to receive a 409 Conflict status code for a duplicate customer creation request, instead of a 400 Bad_Request.
We have updated our security requirements for cloud applications, added new security requirements, and categorized requirements by app type and security requirement type. All cloud applications in the Atlassian Marketplace must adhere to the updated requirements by October 31, 2022.
Please see the blog post and FAQ page accompanying this announcement for more details, as well as this document for specific updates.
We’ve updated the extension context for the UI kit of the following Jira Service Management modules:
The following property names and type have changed for the UI kit components:
Property names | From | To |
|---|---|---|
|
| |
|
| |
|
| |
Property type |
|
|
The Get request type and Get request type by id APIs now feature a new portalId attribute. This attribute represents the ID of the customer portal associated with the given service desk.
We’ve updated the Forge CLI to reflect the changes resulting from pausing the rollout of new scopes. Forge now supports classic and granular scopes. However, if your app doesn’t have all the scopes it needs, the Forge CLI suggests the recommended classic scopes instead of granular scopes.
Run npm install -g @forge/cli@latest on the command line to install the latest version of @forge/cli.
We’ve added two new modules that you can now use with Jira Service Management Cloud:
Jira Service Management portal request view action, which adds an option item to the request view action section that shows up request details page
Jira Service Management portal user menu action, which adds a menu item to the user menu that shows up on customer portal
Run npm install @forge/ui@latest on the command line in your app directory to install the latest version of the UI kit.
The request type fields API now features a new presetValues attribute. This attribute is available in each of the hidden fields. The value of this attribute will be a list of strings.
To access the preset values for a request type, use the hiddenFields expansion:
1
/rest/servicedeskapi/servicedesk/{serviceDeskId}/requesttype/{requestTypeId}/field?expand=hiddenFieldsFor Example: If the labels field was hidden with preset values: foo and bar, the fields configuration will look like:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{
"fieldId": "labels",
"name": "Labels",
"description": "",
"required": false,
"defaultValues": [],
"validValues": [],
"presetValues": [
"foo",
"bar"
],
"jiraSchema": {
"type": "array",
"items": "string",
"system": "labels"
},
"visible": false
}Hidden fields can only be seen by a Service Desk Administrator
We’ve deprecated OAuth 2.0 (3LO) authentication for site URIs (i.e. *.atlassian.net) in Jira Cloud platform, Jira Software Cloud, and Jira Service Management Cloud.
All OAuth 2.0 (3LO) requests should be made through api.atlassian.com by 14 November 2022. After this date, OAuth 2.0 (3LO) requests using site URIs will fail. See the OAuth 2.0 documentation for details of how to construct api.atlassian.com URIs.
On 22 February, we announced the availability of new scopes for Forge and OAuth 2.0 (3LO) apps. Following concerns raised by our developer community, we have now paused the deprecation of classic scopes and removed the requirement to transition your app to new scopes by 23 August 2022.
There is no action for you to take regarding your app scopes at this stage. Apps using either classic or new scopes can continue to do so. For those that haven’t adopted new scopes yet, please continue using classic scopes – we’ll let you know when you can start transitioning.
FAQ
Q1: I have already updated my app with new scopes. Will it stop working now?
A1: Your app will continue to work with new scopes. There is no need for you to make any further changes.
Q2: Am I going to need to roll back to the classic scopes?
A2: You do not need to roll back to classic scopes.
Q3: Does this mean the new scopes are not be reliable?
A3: Using new scopes is in no way less reliable than classic scopes. Both new and classic scopes are equally as reliable to use for your app.
Q4: Will I have to update to another, newer set of scopes?
A4: We have now started a review process of the new scopes and intend to run extensive usability studies with our partners. Once we have more clarity on the best solution, we will update you via the changelog and developer community.
An improvement will be made in the coming days to allow customers (site admins) to turn off (or back on) end-user installation capabilities for OAuth 2.0 (3LO) apps. If you are a developer of OAuth 2.0 (3LO) apps, you do not need to take any action as a result of this change, as this message is only to communicate the impact to the customer.
Previously, controls were not in place for an admin to block their users from installing 3LO apps. Adding the ability for an admin to prohibit users from installing 3LO apps now aligns more closely to how a user would install any other, non-3LO apps on the Marketplace. This functionality was requested by several Atlassian enterprise customers to gain increased control over where their data is shared and which apps have access to their instance. By allowing admins to control end-user app installs, we are making it possible for more enterprise customers to move to cloud. Once in cloud, these companies will not be blocked from installing 3LO apps, because admins will retain the ability to vet and install the apps at their discretion.
Figure (a) below demonstrates the section of the customer’s admin console where they will now be able to block their users from installing 3LO apps. Figure (b) below shows the new experience when a customer tries to install a 3LO app after their admin has disabled this function.
If a customer attempts to install a 3LO app after their admin has disabled this function, the following error message will appear:
App is blocked by an admin
An admin has not allowed [App Name] to access data from [Your Atlassian Instance] . Select another site to authorize access to or contact your admin for more information.
(a)
(b)
We’ve added the following modules that you can now use with Jira Service Management Cloud:
Run npm install @forge/ui@latest on the command line to install the latest version of the UI kit.
The original OAuth scopes for Forge and OAuth 2.0 (3LO) apps on Confluence Cloud, Jira Cloud platform, and Jira Service Management Cloud are deprecated.
All Forge and OAuth 2.0 (3LO) apps must use the new scopes by 23 August 2022 PDT / 24 August 2022 AEST. After this date, only apps using the new scopes will function as expected, as the original scopes will have been removed.
See the following documentation for more details:
Jira Cloud platform scopes for OAuth 2.0 (3LO) and Forge apps
Jira Service Management Cloud scopes for OAuth 2.0 (3LO) and Forge apps
Run npm install -g @forge/cli@latest on the command line to install the latest version of @forge/cli.
We’re introducing new scopes for Forge and OAuth 2.0 (3LO) apps that run on Jira Cloud platform, Jira Software Cloud, and Jira Service Management Cloud. This change is part of an Atlassian initiative to enhance security and build customer trust.
The new scopes provide administrators and users with finer-grained information about the data apps can access, enabling them to make better decisions about installing apps.
See the following documentation for more details:
We’ve updated the Forge Jira issue glance so you can use an icon to represent the issue glance status. Jira Cloud also adds support for dynamic properties that enable runtime updates to the issue glance status.
We're deprecating AP.Host.getSelectedText in Jira and Confluence, due to security and privacy concerns. From Jul 11, 2022 this API will return an empty string ("") under all circumstances. See the CDAC post for full details.