Last updated Jun 13, 2024

Changelog

This page includes release notes and updates for Jira Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Jira Software Cloud.

Go to our developer community to ask questions. You may also be interested in the What's New blog for Atlassian Cloud where details of major changes that affect all users of the Jira Cloud products are announced.

13 June 2024

Fixed Forge CLI to bundle modules with multiple entry points of different resource types

We have now fixed the issue where the forge deploy command was unable to bundle the app when entry points are configured with different resource types (Custom UI and UI Kit). This was particularly seen for modules supporting multiple entry points, such as https://developer.atlassian.com/platform/forge/manifest-reference/modules/jira-custom-field/#jira-custom-field.

4 June 2024

Removed Plan-only teams are no longer accessible in the Team field via Jira REST APIs and JQL queries

Plan-only teams (also known as private teams) can no longer be used outside of an Advanced Roadmaps plan, specifically in the Team field via Jira REST APIs and JQL queries.

More details

What’s changing?

Plan-only teams (also known as private teams) are no longer usable outside of an Advanced Roadmaps plan, specifically in the team field via Jira REST APIs and JQL queries.

Plan-only teams were never provided as JQL suggestions for the team field. However, it was possible to query a plan-only team directly by its ID. Since this change, querying plan-only teams directly by ID doesn't return any results.

Plan-only teams are no longer exposed in the team field of an issue on the Jira Get Issue REST API, nor are they settable via the Create or Edit Issue REST API. Previously only the ID and the placeholder title “Plan-specific team" were returned.

All functionality for Atlassian teams will continue to be supported.

15 April 2024

Fixed Fixed incorrect scope check for OAuth 2.0 requests with a trailing forward slash

We have now fixed the incorrect scope check requests with a trailing forward slash.

Assume there is a scenario where a request is made to an endpoint https://api.atlassian.com/some/path/. Scope checking may find a valid scope for path /some/path/** and pass the scope check. Once the request reaches the backend service, if the service does not have a path with a trailing slash, it may remove it and invoke the parent endpoint https://api.atlassian.com/some/path which may not have the same scope requirements.

With this fix, scope checking will ignore the trailing slash when matching scopes to the path.

This means that a request to https://api.atlassian.com/some/path/ and https://api.atlassian.com/some/path will be treated the same with respect to scope checking.

11 April 2024

Added App access rule under data security policies: Data security policy events upper limit

The progressive rollout of data security policy events has been completed. Data security policy events are generated when installed apps' access to certain data within Confluence, Jira, Jira Service Management, or Jira Software has been blocked by an administrative policy with an App access rule. You can now subscribe to these events.

Being a new capability however, we are scaling up our processing of these data security policy events over the next few months. In the meantime we have set a upper limit of 50,000 objects. This means that if a customer activates or updates a data security policy that affects more than 50,000 objects, you will receive the first 50k objects in the events and the rest would be omitted.

We intend to raise these limits and will advise once we have reached our final threshold— and have determined our final hard limits.

More details

Data security policies help customers keep their organization’s data secure by letting them govern how users, apps, and people outside of their organization can interact with content such as Confluence pages and Jira issues.

The new app access rule under data security policies allows customers to restrict app access to the content in Confluence spaces or Jira projects under a given policy. In this way, customers can benefit from apps while still limiting 3rd-party app access to certain content in select spaces.

If you are looking to update your apps with custom in-app messaging whenever your app is affected by an app access rule, we encourage you to use the Developer guide.

2 April 2024

Announcement App access rule GA staged rollout has begun

As of this week, some Cloud customers will be able to set up and enable app access rules under data security policies. The feature will be slowly rolled out to customers over the coming week.

Customer outreach for this feature will be high-touch at first to give Marketplace Partners more time to update apps, but we plan to do a larger announcement toward the middle of 2024 (calendar year). You can read more about the rollout plan here.

We highly recommend testing out the feature and considering adjusting your app to warn users when it’s impacted by an app access rule.

Prepare for this change by reading more about the app access rule API here for Jira and here for Confluence.

More details

Data security policies help customers keep their organization’s data secure by letting them govern how users, apps, and people outside of their organization can interact with content such as Confluence pages and Jira issues.

The new app access rule under data security policies allows customers to restrict app access to the content in Confluence spaces or Jira projects under a given policy. In this way, customers can benefit from apps while still limiting 3rd-party access to certain content in select spaces.

28 March 2024

Announcement Staged rollout started for Forge hosted storage data residency (beta)

We have started the rollout of data residency for Forge hosted storage, where data will be moving to the same location as the host product. To ensure a smooth rollout, we will be rolling out the feature to customers gradually over the next month.

Once the rollout is complete, Forge hosted storage data will be stored in the same location as the host product for all new and existing Forge apps, for all current and future Atlassian-supported locations. We will let you know when the rollout is complete.

Action Required
Last month, we outlined some actions required to prepare for this rollout (see changelog for more information). If you haven’t done so yet, we recommend:

  1. redeploying any app that uses Forge-hosted storage

  2. updating the manifest for any apps that use remotes or external permissions (for details about how to do this, see our documentation).

At the end of the staged rollout, we also recommend updating the Privacy & Security tab for any app that exclusively uses Forge hosted storage for in-scope End User Data, to indicate that your app supports data residency. You should also define in your app documentation what data is in-scope and out-of-scope. This way you can let customers know about your app’s support for data residency. We will let you know when to make this update.

More details

Data residency for Forge-hosted storage is the latest milestone on our shared mission to offer enterprise-ready apps to customers in the cloud. With data residency available for Forge-hosted storage, meeting a key customer trust requirement will be easier than ever.

It’s important to note that, as we shared last November, when data residency reaches beta for Forge-hosted storage, app data stored in Forge-hosted storage will automatically inherit data residency in all current and future regions supported by the host product. This will not be reversible.

Read more about data residency for Forge hosted storage.

20 March 2024

Announcement App access rule soft launch coming soon

In the coming 2 weeks, all Cloud customers will be able to set up and enable app access rules under data security policies. Customer outreach for this feature will be high-touch at first to give partners more time to update apps.

Many app components will display proactive warnings letting customers know that the app has been blocked by their admin. However, if an app relies on data from restricted spaces or projects, user experience may be impacted in other spaces where the app is not blocked. This may confuse end users or present them with incorrect data if the app is not adjusted to account for the impacts of app blocking.

For this reason, we highly recommend testing out the feature and considering adjusting your app to warn users when it’s impacted by an app access rule.

Prepare for this change by reading more about the app access rule API here for Jira and here for Confluence.

More details

Data security policies help customers keep their organization’s data secure by letting them govern how users, apps, and people outside of their organization can interact with content such as Confluence pages and Jira issues.

The new app access rule under data security policies allows customers to restrict app access to the content in Confluence spaces or Jira projects under a given policy. In this way, customers can benefit from apps while still limiting 3rd-party access to certain content in select spaces.

19 March 2024

Announcement Reverting changes that stopped version upgrades for unlicensed, paid connect apps

What was the issue?
Before Dec, 2023, when a partner published a new app version for a paid connect app, the app upgrade flow ran for all installed apps, without checking for active licenses.

As a result, partners saw failed /installed events for app upgrades for the connect apps that were unsubscribed but not uninstalled from the customer instance.
Tickets related to the issue: JAC Ticket, ECOHELP Ticket

What did we change?

At the time, we fixed this bug by:

  • Introducing checks and allowing only apps with active licenses to be auto-upgraded to new version.

  • In case of inactive licenses, when the customer resubscribes to the app and license becomes active, the auto upgrade works as usual.

Why are we reverting the change?
This change stopped partners from pushing security fixes among other updates to the unlicensed paid connect apps. To solve this, we would be rolling back the changes. This would be done in a phased manner rolling back 20% each day, until March 23.

By March 23, 2024, changes will be rolled back from all the customer instances.

What’s the impact of the reversion?
Reverting the changes will mean the auto upgrades run smoothly for all the apps including the ones with inactive licenses. Unfortunately, this takes us to the previous state which led to partners receiving failed /installed events for unlicensed paid connect apps.

17 March 2024

Request for Comments (RFC) RFC: List View in Jira Software Projects

EDIT, 17-Apr-2024: This RFC is now closed.

A new RFC is ready for review at https://community.developer.atlassian.com/t/rfc-40-list-view-in-jira-software-projects/78246.

13 March 2024

Deprecation Notice Epic issues in team-managed projects can have parent issues from other projects

This progressive rollout announced earlier has started as of 13th March 2024. It only applies to Premium and Enterprise instances of Jira Software Cloud.

To further improve Plans for Jira Software Cloud, team-managed projects will no longer restrict parent association for hierarchies above epic to the same project. The restriction on lower hierarchy levels (epic to stories and stories to subtasks) remains unchanged.

More details

This is a behavioral change on APIs that write and read parent issue associations. As a result, parent issues of epics in team-managed projects can now be from other projects.

When we roll out this change, it will then become possible to set the parent issue of an epic in a team-manager project to be an initiative issue of a company-managed project. See the below diagram for more details.

7 March 2024

Announcement App access rule GA: soft launch coming soon

Starting at the end of March 2024, all Cloud customers will be able to set up and enable app access rules for Jira and Confluence under data security policies. This change will give customers an important new control to protect data while benefiting from Marketplace apps.

Customer outreach for this feature will be high-touch at first to give partners more time to update apps.

Many app components will display proactive warnings letting customers know that the app has been blocked by their admin. However, if an app relies on data from restricted spaces or projects, user experience may be impacted in other spaces (ex: search features or workspace modules) where the app is not blocked. This may confuse end users or present them with incorrect data if the app is not adjusted to account for the impacts of app blocking.

For this reason, we highly recommend testing out the feature and adjusting your app if necessary to warn users when it’s impacted by an app access rule.

Prepare for this change by reading more about how applying an app access rule to your app affects the behaviour of product REST APIs it calls here for Jira and here for Confluence.

More details

Data security policies help customers keep their organization’s data secure by letting them govern how users, apps, and people outside of their organization can interact with content such as Confluence pages and Jira issues.

The new app access rule under data security policies allows customers to restrict app access to the content in Confluence spaces or Jira projects under a given policy. In this way, customers can benefit from apps while still limiting 3rd-party access to certain content in select spaces.

5 March 2024

Added App access rule under data security policies: Early access to data security policy events

This week we have started the progressive rollout of data security policy events generated when an app's access to certain data within Confluence, Jira Cloud, Jira Service Management, or Jira Software has been blocked by an App access rule. These events are available to subscribe to today, for App Access Rule EAP participants.

Being a new capability however, we are scaling up our processing of these events over the next few weeks. Initially only a sample of events will be sent and we will be increasing the sample progressively, aiming for 100% of events (with an upper cap) by the time the feature reaches General Availability at the end of March or early April.

Note that not all apps registering a webhook for these events will necessarily receive a sample of events, but most will.

Over the next month we will be raising these limits and will share details here once we have reached our GA threshold - and what our final hard limits are.

27 February 2024

Announcement Realm persistence is coming soon for Connect data residency

In the upcoming quarter we plan to update our Connect data residency service to support realm persistence.

Realm persistence allows partners to save time and avoid negative customer experience by helping to ensure that customer app pinning does not move between realms upon reinstallation. With realm persistence, app pinning will only move when the app is reinstalled outside of a defined duration or when otherwise requested to move by the customer through the realm migration service.

If you are waiting to implement data residency for your Connect app due to realm persistence concerns. Keep an eye out here in the change log for updates in the coming weeks.

More details

Today, apps built on Connect can support both realm pinning and realm migration to help customers keep their data in a region they trust.

Read more about data residency for Connect apps →

26 February 2024

Removed Partial removal of lenient URL path processing for OAuth 2.0 requests

Rollout: progressive roll-out by request. COMPLETE

The deprecation period for Lenient URL path processing for OAuth 2.0 requests has now expired. This change will be rolled out progressively over the coming two weeks. Per the deprecation notice, some apps have been excluded from this change for the time being.

23 February 2024

Added Sprint name and goal can now be updated for closed sprints

Sprint names and goals can be updated for closed sprints using both the full and partial sprint update endpoints. Any changes to other sprint fields are ignored.

Rate this page: