Bitbucket Data Center aims to maintain API compatibility between minor releases (e.g. between 7.0 and 7.1). Methods and classes marked as deprecated will be removed in the next major release. For example, methods marked as deprecated in Bitbucket Data Center 8.1 or 8.2 will be removed in Bitbucket Data Center 9.0.
Bitbucket 9.4 adds a new type of branch permission to restrict creation of new branches.
NO_CREATES in enum com.atlassian.bitbucket.repository.ref.restriction.RefRestrictionTypePOST /rest/branch-permissions/latest/projects/{projectKey}/restrictionsPOST /rest/branch-permissions/latest/projects/{projectKey}/repos/{repositorySlug}/restrictionsGET /rest/branch-permissions/latest/projects/{projectKey}/restrictionsGET /rest/branch-permissions/latest/projects/{projectKey}/restrictions/{id}GET /rest/branch-permissions/latest/projects/{projectKey}/repos/{repositorySlug}/restrictionsGET /rest/branch-permissions/latest/projects/{projectKey}/repos/{repositorySlug}/restrictions/{id}By default, 9.4 requires the user's password when a user updates their own email. When the
ENFORCE_PASSWORD_USER_EMAIL_UPDATE standard feature is enabled, then updating a user's email via UserService or
the /rest/api/latest/users REST API will require the user's current password, and the update will be rejected if the
correct password is not provided.
ENFORCE_PASSWORD_USER_EMAIL_UPDATE in StandardFeature enumUserService#updateUser(String displayName, String emailAddress) for removal in 10.0UserService#updateUser(String displayName, String emailAddress, String password)NavBuilder.UserAccount#emailpassword field to PUT /rest/api/latest/usersBitbucket Data Center 9.3 has implemented two-step verification (2SV), which includes new REST API for authentication and a new login screen. For plugins that interact with the pre-existing login screen, it is worth noting that compatibility may break and changes will be required.
Some key REST API additions worth calling out:
POST /tsv/latest/authenticate authenticates as the given userPOST /tsv/latest/authenticate/totp-code authenticates as the given user using a TOTP codePOST /tsv/latest/authenticate/recovery-code authenticates as the given user using a recovery codePOST /tsv/latest/status retrieves the status of two-step verification for the authenticated userPOST /tsv/latest/elevate-permissions/totp elevates permissions for the authenticated user using a TOTP codePOST /tsv/latest/elevate-permissions/recovery-code elevates permissions for the authenticated user using a recovery codePOST /tsv/latest/elevate-permissions/password elevates permissions for the authenticated user using a passwordGET /authconfig/latest/login-options returns a list of available login options, which contains details about the metadata required for the login pageAll new REST API related to 2SV and the new login screen can be found under 'Authentication'.
Bitbucket Data Center 9.3 includes new SPI to allow plugins to implement a file store that can be used to store Git LFS objects, and in future possibly other files. It permits Bitbucket to generate pre-signed URLs for file uploads and downloads to/from what is typically going to be an external file store such as AWS S3 (which Bitbucket provides an implementation for).
Plugins intending the implement a file store must implement the com.atlassian.bitbucket.filestore.PluginFileStore
interface.
For the file store implementation to be picked up they have to be defined as a com.atlassian.bitbucket.filestore.PluginFileStoreModuleDescriptor
module in the plugin's atlassian-plugin.xml file. See the module description for <file-store>
for more information.
com.atlassian.bitbucket.comment.LineNumberRangegetMultilineDestinationRange and getMultilineSourceRange in com.atlassian.bitbucket.comment.CommentThreadDiffAnchorAdded multilineSpan fields for comments that span multiple lines in the following endpoints:
GET /rest/project/{projectKey}/repos/{repositorySlug}/commits/{commitHash}/commentsGET /rest/project/{projectKey}/repos/{repositorySlug}/commits/{commitHash}/comments/{commentId}GET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/activitiesGET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/commentsGET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}Although the bitbucket-parent Maven POM file is not considered stable API, an upgrade to the version of the Mockito
mocking framework is worth noting. Plugins that either use bitbucket-parent as their parent POM or import it for
the purposes of "dependencyManagement" may see changes to test code as the specific Mockito version dependency may
be inherited from bitbucket-parent.
Note: The Mockito framework is a test dependency only and its upgrade will not impact a plugin's compatibility with Bitbucket Data Center.
The upgrade from Mockito 4.x to 5.x involves a number of breaking changes. Plugin developers are encouraged to update unit tests where Mockito is used, and can find more information in the Mockito 5 release notes.
Plugin developers who wish to depend on the bitbucket-parent artifact at 9.3 or later, but still wish
to continue using Mockito 4.x, can override the dependency in the POM for their own plugin.
isMultilineAnchor, getMultilineStartLine and getMultilineStartLineType in com.atlassian.bitbucket.comment.CommentThreadDiffAnchorAdded multilineMarker fields for comments that span multiple lines in the following endpoints:
GET /rest/project/{projectKey}/repos/{repositorySlug}/commits/{commitHash}/commentsGET /rest/project/{projectKey}/repos/{repositorySlug}/commits/{commitHash}/comments/{commentId}GET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/activitiesGET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/commentsGET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}GET /rest/mirroring/latest/supportInfo/out-of-sync-repos/contentGET /rest/mirroring/latest/supportInfo/projects/{projectKey}/repos/{repositorySlug}/repo-lock-ownerGET /rest/mirroring/latest/supportInfo/repo-lock-ownersGET /rest/api/latest/admin/clusterNew REST endpoints to get diff stats summary
GET /rest/project/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/diff-stats-summaryGET /rest/project/{projectKey}/repos/{repositorySlug}/commits/{commitId}/diff-stats-summaryGET /rest/project/{projectKey}/repos/{repositorySlug}/compare/diff-stats-summaryPOST /rest/mirroring/latest/zdu/startPOST /rest/mirroring/latest/zdu/endcontentUpdatedDate and metadataUpdatedDate fields for content and metadata hashes respectively, in the following endpoints:
GET /rest/mirroring/latest/repo-hashesGET /rest/mirroring/latest/repo-hashes/contentGET /rest/mirroring/latest/repo-hashes/metadataBitbucket 9 requires Java 17. Support for running on Java 8 and 11 has been removed.
Similarly, apps developed for Bitbucket 9 will need to use a Java 17 JDK.
Bitbucket 9.0 includes an upgrade to Atlassian Data Center Platform 7.0. This upgrade puts us in a better position to respond to security changes with reduced disruption and breaking changes for your apps.
As part of this work, we have upgraded numerous Atlassian and third-party components to benefit from the latest security patches and bug fixes.
The Prepare your Data Center app for Platform 7 page contains an extensive list of the changes in Platform 7 and guides on how to migrate your app to Platform 7.
We have removed Interfaces, classes, and methods in the Bitbucket Java API that were marked as deprecated in Bitbucket 8.x.
Apps that use any of these interfaces generally won’t build with Bitbucket 9.0.
Precompiled apps that used any of the removed interfaces will fail to install or run in Bitbucket 9.0, typically with
java.lang.NoSuchMethodError or java.lang.ClassNotFoundExceptions.
Platform 7 and Bitbucket 9.0 have removed the ability for your apps to load many third-party libraries, as well as a few Atlassian-specific libraries, from the Bitbucket application. This group of libraries are called "gray APIs", as they were never intended to become part of the product’s API.
You will need to start bundling your own copies of these libraries with your apps if you wish to continue using them.
This change will allow us to improve Bitbucket more frequently without breaking your app or requiring you to do significant testing and rework when things change.
The following packages are no longer available to apps from Bitbucket. Apps that still wish to use these classes can bundle the classes within their app:
1 2assets ch.qos.logback.classic.db.names ch.qos.logback.classic.jmx com.atlassian.analytics.client com.atlassian.analytics.client.api com.atlassian.analytics.client.api.browser com.atlassian.analytics.client.api.mobile com.atlassian.annotations.tenancy com.atlassian.applinks.application com.atlassian.applinks.application.bamboo com.atlassian.applinks.application.bitbucket com.atlassian.applinks.application.confluence com.atlassian.applinks.application.crowd com.atlassian.applinks.application.fecru com.atlassian.applinks.application.generic com.atlassian.applinks.application.jira com.atlassian.applinks.application.refapp com.atlassian.applinks.application.subversion com.atlassian.applinks.core com.atlassian.applinks.core.auth com.atlassian.applinks.core.common com.atlassian.applinks.core.concurrent com.atlassian.applinks.core.event com.atlassian.applinks.core.link com.atlassian.applinks.core.manifest com.atlassian.applinks.core.oauth2 com.atlassian.applinks.core.plugin com.atlassian.applinks.core.plugin.condition com.atlassian.applinks.core.property com.atlassian.applinks.core.refapp com.atlassian.applinks.core.rest com.atlassian.applinks.core.rest.auth com.atlassian.applinks.core.rest.client com.atlassian.applinks.core.rest.context com.atlassian.applinks.core.rest.exceptionmapper com.atlassian.applinks.core.rest.model com.atlassian.applinks.core.rest.model.adapter com.atlassian.applinks.core.rest.permission com.atlassian.applinks.core.rest.ui com.atlassian.applinks.core.rest.util com.atlassian.applinks.core.upgrade com.atlassian.applinks.core.util com.atlassian.applinks.core.v1.rest com.atlassian.applinks.core.v2.rest com.atlassian.applinks.core.webfragment com.atlassian.applinks.internal.application com.atlassian.applinks.internal.common com.atlassian.applinks.internal.common.application com.atlassian.applinks.internal.common.applink com.atlassian.applinks.internal.common.auth.oauth com.atlassian.applinks.internal.common.auth.oauth.util com.atlassian.applinks.internal.common.auth.trusted com.atlassian.applinks.internal.common.cache com.atlassian.applinks.internal.common.capabilities com.atlassian.applinks.internal.common.docs com.atlassian.applinks.internal.common.event com.atlassian.applinks.internal.common.exception com.atlassian.applinks.internal.common.i18n com.atlassian.applinks.internal.common.json com.atlassian.applinks.internal.common.lang com.atlassian.applinks.internal.common.net com.atlassian.applinks.internal.common.permission com.atlassian.applinks.internal.common.rest.interceptor com.atlassian.applinks.internal.common.rest.model.applink com.atlassian.applinks.internal.common.rest.model.oauth com.atlassian.applinks.internal.common.rest.model.status com.atlassian.applinks.internal.common.rest.util com.atlassian.applinks.internal.common.status.oauth com.atlassian.applinks.internal.common.web com.atlassian.applinks.internal.common.web.condition com.atlassian.applinks.internal.common.web.data com.atlassian.applinks.internal.common.web.soy com.atlassian.applinks.internal.rest com.atlassian.applinks.internal.rest.applink com.atlassian.applinks.internal.rest.applink.data com.atlassian.applinks.internal.rest.capabilities com.atlassian.applinks.internal.rest.client com.atlassian.applinks.internal.rest.feature com.atlassian.applinks.internal.rest.interceptor com.atlassian.applinks.internal.rest.migration com.atlassian.applinks.internal.rest.model com.atlassian.applinks.internal.rest.model.applink com.atlassian.applinks.internal.rest.model.auth.compatibility com.atlassian.applinks.internal.rest.model.capabilities com.atlassian.applinks.internal.rest.model.migration com.atlassian.applinks.internal.rest.model.status com.atlassian.applinks.internal.rest.status com.atlassian.applinks.internal.status com.atlassian.applinks.internal.status.error com.atlassian.applinks.internal.status.oauth com.atlassian.applinks.internal.status.oauth.remote com.atlassian.applinks.internal.status.remote com.atlassian.applinks.internal.status.support com.atlassian.applinks.ui com.atlassian.applinks.ui.admin com.atlassian.applinks.ui.admin.applinkwizard com.atlassian.applinks.ui.admin.confluence com.atlassian.applinks.ui.auth com.atlassian.applinks.ui.confluence com.atlassian.applinks.ui.validators com.atlassian.applinks.ui.velocity com.atlassian.audit.core com.atlassian.audit.core.ecosystem com.atlassian.audit.core.impl.broker com.atlassian.audit.core.impl.service com.atlassian.audit.core.spi com.atlassian.audit.core.spi.service com.atlassian.audit.spi.entity com.atlassian.audit.spi.feature com.atlassian.audit.spi.lookup com.atlassian.audit.spi.migration com.atlassian.audit.spi.permission com.atlassian.bamboo com.atlassian.bitbucket.access.tokens com.atlassian.bitbucket.branch.automerge com.atlassian.bitbucket.dmz.admin.banner com.atlassian.bitbucket.dmz.annotation com.atlassian.bitbucket.dmz.auditing com.atlassian.bitbucket.dmz.autodecline com.atlassian.bitbucket.dmz.build com.atlassian.bitbucket.dmz.build.operations com.atlassian.bitbucket.dmz.build.server com.atlassian.bitbucket.dmz.build.status com.atlassian.bitbucket.dmz.build.status.dao com.atlassian.bitbucket.dmz.build.status.legacy com.atlassian.bitbucket.dmz.cluster com.atlassian.bitbucket.dmz.cluster.exception com.atlassian.bitbucket.dmz.codeowners com.atlassian.bitbucket.dmz.comment com.atlassian.bitbucket.dmz.commit com.atlassian.bitbucket.dmz.concurrent com.atlassian.bitbucket.dmz.deployment com.atlassian.bitbucket.dmz.deployments com.atlassian.bitbucket.dmz.deployments.event com.atlassian.bitbucket.dmz.discovery com.atlassian.bitbucket.dmz.emoticon com.atlassian.bitbucket.dmz.features com.atlassian.bitbucket.dmz.git.lfs com.atlassian.bitbucket.dmz.hook.script com.atlassian.bitbucket.dmz.idx com.atlassian.bitbucket.dmz.markup.renderer com.atlassian.bitbucket.dmz.mdc com.atlassian.bitbucket.dmz.mesh com.atlassian.bitbucket.dmz.migration com.atlassian.bitbucket.dmz.mirror com.atlassian.bitbucket.dmz.mirror.event com.atlassian.bitbucket.dmz.mirror.hash com.atlassian.bitbucket.dmz.monitoring com.atlassian.bitbucket.dmz.notification com.atlassian.bitbucket.dmz.notification.commit com.atlassian.bitbucket.dmz.notification.pull com.atlassian.bitbucket.dmz.notification.pull.custom com.atlassian.bitbucket.dmz.notification.repository com.atlassian.bitbucket.dmz.permission com.atlassian.bitbucket.dmz.policy com.atlassian.bitbucket.dmz.process com.atlassian.bitbucket.dmz.pull com.atlassian.bitbucket.dmz.pull.automerge com.atlassian.bitbucket.dmz.pull.template com.atlassian.bitbucket.dmz.ratelimit com.atlassian.bitbucket.dmz.repository com.atlassian.bitbucket.dmz.repositorymanagement com.atlassian.bitbucket.dmz.request com.atlassian.bitbucket.dmz.resilience com.atlassian.bitbucket.dmz.secretscanning com.atlassian.bitbucket.dmz.secretscanning.event com.atlassian.bitbucket.dmz.secretscanning.scan com.atlassian.bitbucket.dmz.secretscanning.validation com.atlassian.bitbucket.dmz.server com.atlassian.bitbucket.dmz.settingsrestriction com.atlassian.bitbucket.dmz.signature.verification com.atlassian.bitbucket.dmz.ssh com.atlassian.bitbucket.dmz.suggestion com.atlassian.bitbucket.dmz.systemsigning com.atlassian.bitbucket.dmz.throttle com.atlassian.bitbucket.dmz.upgrade.async com.atlassian.bitbucket.dmz.upm com.atlassian.bitbucket.dmz.user com.atlassian.bitbucket.dmz.web com.atlassian.bitbucket.dmz.x509 com.atlassian.bitbucket.dmz.x509.event com.atlassian.bitbucket.dmz.xsrf com.atlassian.bitbucket.mirroring.upstream com.atlassian.bitbucket.rest com.atlassian.bitbucket.rest.activity com.atlassian.bitbucket.rest.annotation com.atlassian.bitbucket.rest.attachment com.atlassian.bitbucket.rest.auth com.atlassian.bitbucket.rest.autodecline com.atlassian.bitbucket.rest.avatar com.atlassian.bitbucket.rest.build com.atlassian.bitbucket.rest.cluster com.atlassian.bitbucket.rest.comment com.atlassian.bitbucket.rest.commit com.atlassian.bitbucket.rest.content com.atlassian.bitbucket.rest.dashboard com.atlassian.bitbucket.rest.deployment com.atlassian.bitbucket.rest.enrich com.atlassian.bitbucket.rest.exception com.atlassian.bitbucket.rest.fragment com.atlassian.bitbucket.rest.hook.repository com.atlassian.bitbucket.rest.hook.script com.atlassian.bitbucket.rest.job com.atlassian.bitbucket.rest.label com.atlassian.bitbucket.rest.license com.atlassian.bitbucket.rest.log com.atlassian.bitbucket.rest.mail com.atlassian.bitbucket.rest.markup com.atlassian.bitbucket.rest.mesh com.atlassian.bitbucket.rest.migration com.atlassian.bitbucket.rest.permission com.atlassian.bitbucket.rest.project com.atlassian.bitbucket.rest.property com.atlassian.bitbucket.rest.pull com.atlassian.bitbucket.rest.pull.automerge com.atlassian.bitbucket.rest.pull.reviewer com.atlassian.bitbucket.rest.ratelimit com.atlassian.bitbucket.rest.repository com.atlassian.bitbucket.rest.scm com.atlassian.bitbucket.rest.scope com.atlassian.bitbucket.rest.secretscanning com.atlassian.bitbucket.rest.server com.atlassian.bitbucket.rest.settingsrestriction com.atlassian.bitbucket.rest.suggestion com.atlassian.bitbucket.rest.user com.atlassian.bitbucket.rest.util com.atlassian.bitbucket.rest.validation com.atlassian.bitbucket.rest.x509 com.atlassian.bitbucket.scm.cache.internal com.atlassian.bitbucket.scm.cache.internal.event com.atlassian.bitbucket.scm.cache.internal.jmx com.atlassian.bitbucket.scm.cache.internal.mesh com.atlassian.bitbucket.server.swagger.annotations com.atlassian.bitbucket.ssh.util com.atlassian.botocss com.atlassian.business.insights.api com.atlassian.business.insights.api.cluster com.atlassian.business.insights.api.config com.atlassian.business.insights.api.customfields com.atlassian.business.insights.api.customfields.model com.atlassian.business.insights.api.dataset com.atlassian.business.insights.api.exceptions com.atlassian.business.insights.api.extract com.atlassian.business.insights.api.filter com.atlassian.business.insights.api.pagination com.atlassian.business.insights.api.schema com.atlassian.business.insights.api.user com.atlassian.business.insights.api.writer com.atlassian.ccev com.atlassian.chaperone.obr com.atlassian.clover com.atlassian.clover.ant com.atlassian.clover.ant.groovy com.atlassian.clover.ant.taskdefs com.atlassian.clover.ant.tasks com.atlassian.clover.ant.tasks.testng com.atlassian.clover.ant.types com.atlassian.clover.api com.atlassian.clover.api.ci com.atlassian.clover.api.command com.atlassian.clover.api.instrumentation com.atlassian.clover.api.optimization com.atlassian.clover.api.registry com.atlassian.clover.cfg com.atlassian.clover.cfg.instr com.atlassian.clover.cfg.instr.java com.atlassian.clover.cmdline com.atlassian.clover.context com.atlassian.clover.instr com.atlassian.clover.instr.java com.atlassian.clover.instr.tests com.atlassian.clover.instr.tests.naming com.atlassian.clover.io.tags com.atlassian.clover.lang com.atlassian.clover.model com.atlassian.clover.optimization com.atlassian.clover.recorder com.atlassian.clover.recorder.junit com.atlassian.clover.recorder.pertest com.atlassian.clover.recorder.spock com.atlassian.clover.registry com.atlassian.clover.registry.entities com.atlassian.clover.registry.format com.atlassian.clover.registry.metrics com.atlassian.clover.registry.util com.atlassian.clover.remote com.atlassian.clover.reporters com.atlassian.clover.reporters.console com.atlassian.clover.reporters.filters com.atlassian.clover.reporters.html com.atlassian.clover.reporters.html.source com.atlassian.clover.reporters.html.source.groovy com.atlassian.clover.reporters.html.source.java com.atlassian.clover.reporters.json com.atlassian.clover.reporters.pdf com.atlassian.clover.reporters.util com.atlassian.clover.reporters.xml com.atlassian.clover.services com.atlassian.clover.spec.instr.test com.atlassian.clover.spi.lang com.atlassian.clover.spi.reporters.html.source com.atlassian.clover.util com.atlassian.clover.util.collections com.atlassian.clover.util.format com.atlassian.clover.util.trie com.atlassian.clover.versions com.atlassian.collectors com.atlassian.config.spring com.atlassian.config.xml com.atlassian.confluence.page com.atlassian.crowd.azure com.atlassian.crowd.cache com.atlassian.crowd.common.analytics.events com.atlassian.crowd.common.analytics.statistics.collectors com.atlassian.crowd.common.diff com.atlassian.crowd.common.features com.atlassian.crowd.common.properties com.atlassian.crowd.common.util com.atlassian.crowd.console.value.directory com.atlassian.crowd.crypto com.atlassian.crowd.darkfeature com.atlassian.crowd.directory.authentication com.atlassian.crowd.directory.authentication.impl com.atlassian.crowd.directory.cache com.atlassian.crowd.directory.cache.exception com.atlassian.crowd.directory.cache.model com.atlassian.crowd.directory.hybrid com.atlassian.crowd.directory.ldap com.atlassian.crowd.directory.ldap.cache com.atlassian.crowd.directory.ldap.connectionpool com.atlassian.crowd.directory.ldap.connectionpool.data com.atlassian.crowd.directory.ldap.connectionpool.mapper com.atlassian.crowd.directory.ldap.control com.atlassian.crowd.directory.ldap.control.ldap com.atlassian.crowd.directory.ldap.credential com.atlassian.crowd.directory.ldap.mapper com.atlassian.crowd.directory.ldap.mapper.attribute com.atlassian.crowd.directory.ldap.mapper.attribute.group com.atlassian.crowd.directory.ldap.mapper.attribute.user com.atlassian.crowd.directory.ldap.mapper.entity com.atlassian.crowd.directory.ldap.monitoring com.atlassian.crowd.directory.ldap.name com.atlassian.crowd.directory.ldap.util com.atlassian.crowd.directory.ldap.validator com.atlassian.crowd.directory.query com.atlassian.crowd.directory.rest com.atlassian.crowd.directory.rest.delta com.atlassian.crowd.directory.rest.endpoint com.atlassian.crowd.directory.rest.entity com.atlassian.crowd.directory.rest.entity.delta com.atlassian.crowd.directory.rest.entity.group com.atlassian.crowd.directory.rest.entity.membership com.atlassian.crowd.directory.rest.entity.user com.atlassian.crowd.directory.rest.entity.user.password com.atlassian.crowd.directory.rest.entity.user.rename com.atlassian.crowd.directory.rest.mapper com.atlassian.crowd.directory.rest.resolver com.atlassian.crowd.directory.rest.util com.atlassian.crowd.directory.rfc4519 com.atlassian.crowd.directory.ssl com.atlassian.crowd.directory.synchronisation com.atlassian.crowd.directory.synchronisation.cache com.atlassian.crowd.directory.synchronisation.utils com.atlassian.crowd.emailchange com.atlassian.crowd.embedded.admin.authorisation com.atlassian.crowd.embedded.directory com.atlassian.crowd.embedded.event com.atlassian.crowd.embedded.spi com.atlassian.crowd.embedded.validator com.atlassian.crowd.embedded.validator.impl com.atlassian.crowd.embedded.validator.rule com.atlassian.crowd.feature com.atlassian.crowd.function com.atlassian.crowd.hibernate.hsql com.atlassian.crowd.integration com.atlassian.crowd.integration.directory com.atlassian.crowd.integration.http com.atlassian.crowd.integration.http.filter com.atlassian.crowd.integration.http.util com.atlassian.crowd.integration.rest.entity com.atlassian.crowd.integration.rest.service com.atlassian.crowd.integration.rest.service.factory com.atlassian.crowd.integration.rest.util com.atlassian.crowd.license com.atlassian.crowd.licensing com.atlassian.crowd.lock com.atlassian.crowd.lookandfeel com.atlassian.crowd.manager.application.canonicality com.atlassian.crowd.manager.application.filtering com.atlassian.crowd.manager.application.search com.atlassian.crowd.manager.audit.mapper com.atlassian.crowd.manager.authentication com.atlassian.crowd.manager.cache com.atlassian.crowd.manager.cluster.message com.atlassian.crowd.manager.directory.monitor.poller com.atlassian.crowd.manager.directory.nestedgroups com.atlassian.crowd.manager.emailscan com.atlassian.crowd.manager.license com.atlassian.crowd.manager.login com.atlassian.crowd.manager.login.exception com.atlassian.crowd.manager.mail com.atlassian.crowd.manager.proxy com.atlassian.crowd.manager.recovery com.atlassian.crowd.manager.rememberme com.atlassian.crowd.manager.tombstone com.atlassian.crowd.manager.validation com.atlassian.crowd.mapper com.atlassian.crowd.model.alias com.atlassian.crowd.model.audit com.atlassian.crowd.model.cluster com.atlassian.crowd.model.config com.atlassian.crowd.model.licensing com.atlassian.crowd.model.page com.atlassian.crowd.model.property com.atlassian.crowd.model.scheduling com.atlassian.crowd.model.sso.idp com.atlassian.crowd.model.tombstone com.atlassian.crowd.password.saltgenerator com.atlassian.crowd.plugin.descriptors com.atlassian.crowd.search.hibernate com.atlassian.crowd.search.hibernate.audit com.atlassian.crowd.search.ldap com.atlassian.crowd.search.ldap.filter com.atlassian.crowd.search.ldap.test com.atlassian.crowd.service com.atlassian.crowd.service.client com.atlassian.crowd.service.cluster com.atlassian.crowd.service.factory com.atlassian.crowd.service.license com.atlassian.crowd.service.support com.atlassian.crowd.service.token com.atlassian.crowd.util.cache com.atlassian.crowd.web com.atlassian.crucible com.atlassian.db.config.password com.atlassian.diagnostics com.atlassian.diagnostics.detail com.atlassian.diagnostics.ipd.internal.spi com.atlassian.diagnostics.util com.atlassian.editlive com.atlassian.event com.atlassian.event.config com.atlassian.event.internal com.atlassian.event.legacy com.atlassian.event.remote.internal.auth com.atlassian.event.remote.internal.http com.atlassian.event.remote.internal.json com.atlassian.event.spi com.atlassian.event.spring com.atlassian.extras.api.bamboo com.atlassian.extras.api.clover com.atlassian.extras.api.confluence com.atlassian.extras.api.crowd com.atlassian.extras.api.crucible com.atlassian.extras.api.fisheye com.atlassian.extras.api.greenhopper com.atlassian.extras.api.jira com.atlassian.extras.api.plugin com.atlassian.extras.api.stash com.atlassian.extras.common com.atlassian.extras.common.log com.atlassian.extras.common.org.springframework.util com.atlassian.extras.common.util com.atlassian.extras.core com.atlassian.extras.core.bamboo com.atlassian.extras.core.bitbucket com.atlassian.extras.core.clover com.atlassian.extras.core.confluence com.atlassian.extras.core.crowd com.atlassian.extras.core.crucible com.atlassian.extras.core.fisheye com.atlassian.extras.core.greenhopper com.atlassian.extras.core.jira com.atlassian.extras.core.plugins com.atlassian.extras.core.stash com.atlassian.extras.core.transformer com.atlassian.extras.decoder.api com.atlassian.extras.decoder.v1 com.atlassian.extras.decoder.v1.confluence com.atlassian.extras.decoder.v2 com.atlassian.extras.keymanager com.atlassian.extras.legacy.util com.atlassian.failurecache com.atlassian.failurecache.executor com.atlassian.failurecache.failures com.atlassian.failurecache.updates com.atlassian.failurecache.util.date com.atlassian.fisheye com.atlassian.fugue com.atlassian.fugue.retry com.atlassian.greenhopper com.atlassian.healthcheck.core com.atlassian.healthcheck.spi com.atlassian.hibernate.extras com.atlassian.hibernate.extras.batching com.atlassian.hibernate.extras.event com.atlassian.hibernate.extras.hql com.atlassian.hibernate.extras.type com.atlassian.html.encode com.atlassian.httpclient.apache.httpcomponents com.atlassian.ip com.atlassian.jira com.atlassian.johnson.spring.event com.atlassian.johnson.spring.lifecycle com.atlassian.johnson.spring.web com.atlassian.johnson.spring.web.context com.atlassian.johnson.spring.web.context.support com.atlassian.johnson.spring.web.filter com.atlassian.johnson.spring.web.servlet com.atlassian.johnson.spring.web.servlet.support com.atlassian.jwt com.atlassian.jwt.applinks com.atlassian.jwt.applinks.exception com.atlassian.jwt.core com.atlassian.jwt.core.http com.atlassian.jwt.core.http.auth com.atlassian.jwt.core.keys com.atlassian.jwt.core.reader com.atlassian.jwt.core.writer com.atlassian.jwt.exception com.atlassian.jwt.httpclient com.atlassian.jwt.internal com.atlassian.jwt.internal.applinks com.atlassian.jwt.internal.sal com.atlassian.jwt.internal.security com.atlassian.jwt.internal.servlet com.atlassian.jwt.internal.writer com.atlassian.jwt.reader com.atlassian.jwt.writer com.atlassian.labs.restbrowser.plugin com.atlassian.labs.restbrowser.provider com.atlassian.labs.restbrowser.rest.model com.atlassian.labs.restbrowser.rest.services com.atlassian.labs.restbrowser.servlet com.atlassian.labs.restbrowser.util com.atlassian.lesscss.spi com.atlassian.license com.atlassian.license.applications.bamboo com.atlassian.license.applications.clover com.atlassian.license.applications.confluence com.atlassian.license.applications.crowd com.atlassian.license.applications.crucible com.atlassian.license.applications.editliveplugin com.atlassian.license.applications.fisheye com.atlassian.license.applications.greenhopper com.atlassian.license.applications.jira com.atlassian.license.applications.perforceplugin com.atlassian.license.applications.sharepoint com.atlassian.license.applications.vssplugin com.atlassian.license.decoder com.atlassian.license.util com.atlassian.linkaggregation com.atlassian.mail.server.impl com.atlassian.mail.server.impl.util com.atlassian.marketplace.client com.atlassian.marketplace.client.api com.atlassian.marketplace.client.encoding com.atlassian.marketplace.client.http com.atlassian.marketplace.client.impl com.atlassian.marketplace.client.model com.atlassian.marketplace.client.util com.atlassian.net com.atlassian.plugin.cache com.atlassian.plugin.cache.filecache com.atlassian.plugin.cache.filecache.impl com.atlassian.plugin.connect.api com.atlassian.plugin.connect.api.auth com.atlassian.plugin.connect.api.auth.scope com.atlassian.plugin.connect.api.descriptor com.atlassian.plugin.connect.api.lifecycle com.atlassian.plugin.connect.api.property com.atlassian.plugin.connect.api.request com.atlassian.plugin.connect.api.util com.atlassian.plugin.connect.api.web com.atlassian.plugin.connect.api.web.condition com.atlassian.plugin.connect.api.web.context com.atlassian.plugin.connect.api.web.iframe com.atlassian.plugin.connect.api.web.redirect com.atlassian.plugin.connect.bitbucket com.atlassian.plugin.connect.bitbucket.auth com.atlassian.plugin.connect.bitbucket.lifecycle com.atlassian.plugin.connect.bitbucket.usermanagement com.atlassian.plugin.connect.bitbucket.web com.atlassian.plugin.connect.bitbucket.web.condition com.atlassian.plugin.connect.bitbucket.web.context com.atlassian.plugin.connect.modules.beans com.atlassian.plugin.connect.modules.beans.builder com.atlassian.plugin.connect.modules.beans.builder.nested.dialog com.atlassian.plugin.connect.modules.beans.nested com.atlassian.plugin.connect.modules.beans.nested.dialog com.atlassian.plugin.connect.modules.bitbucket.beans com.atlassian.plugin.connect.modules.bitbucket.schema com.atlassian.plugin.connect.modules.gson com.atlassian.plugin.connect.modules.schema com.atlassian.plugin.connect.modules.util com.atlassian.plugin.connect.plugin com.atlassian.plugin.connect.plugin.api com.atlassian.plugin.connect.plugin.auth com.atlassian.plugin.connect.plugin.auth.applinks com.atlassian.plugin.connect.plugin.auth.jwt com.atlassian.plugin.connect.plugin.auth.oauth2 com.atlassian.plugin.connect.plugin.auth.scope com.atlassian.plugin.connect.plugin.auth.scope.whitelist com.atlassian.plugin.connect.plugin.auth.user com.atlassian.plugin.connect.plugin.descriptor com.atlassian.plugin.connect.plugin.descriptor.event com.atlassian.plugin.connect.plugin.lifecycle com.atlassian.plugin.connect.plugin.lifecycle.event com.atlassian.plugin.connect.plugin.lifecycle.upm com.atlassian.plugin.connect.plugin.property com.atlassian.plugin.connect.plugin.request com.atlassian.plugin.connect.plugin.request.url com.atlassian.plugin.connect.plugin.rest com.atlassian.plugin.connect.plugin.rest.addons com.atlassian.plugin.connect.plugin.rest.data com.atlassian.plugin.connect.plugin.rest.license com.atlassian.plugin.connect.plugin.rest.oauth2 com.atlassian.plugin.connect.plugin.util com.atlassian.plugin.connect.plugin.web com.atlassian.plugin.connect.plugin.web.blacklist com.atlassian.plugin.connect.plugin.web.condition com.atlassian.plugin.connect.plugin.web.context com.atlassian.plugin.connect.plugin.web.context.condition com.atlassian.plugin.connect.plugin.web.dialog com.atlassian.plugin.connect.plugin.web.iframe com.atlassian.plugin.connect.plugin.web.item com.atlassian.plugin.connect.plugin.web.jsapi com.atlassian.plugin.connect.plugin.web.page com.atlassian.plugin.connect.plugin.web.panel com.atlassian.plugin.connect.plugin.web.redirect com.atlassian.plugin.connect.plugin.webhook com.atlassian.plugin.connect.spi com.atlassian.plugin.connect.spi.auth.applinks com.atlassian.plugin.connect.spi.auth.user com.atlassian.plugin.connect.spi.lifecycle com.atlassian.plugin.connect.spi.module com.atlassian.plugin.connect.spi.web.condition com.atlassian.plugin.connect.spi.web.context com.atlassian.plugin.connect.spi.web.item com.atlassian.plugin.connect.spi.web.panel com.atlassian.plugin.event.impl com.atlassian.plugin.impl com.atlassian.plugin.main com.atlassian.plugin.osgi.container.impl com.atlassian.plugin.osgi.factory.transform.stage com.atlassian.plugin.osgi.hook.dmz com.atlassian.plugin.osgi.hook.dmz.packages com.atlassian.plugin.osgi.hostcomponents.impl com.atlassian.plugin.schema.spi com.atlassian.plugin.web.baseconditions com.atlassian.plugin.web.conditions com.atlassian.plugin.web.descriptors com.atlassian.plugin.web.impl com.atlassian.plugin.web.model com.atlassian.plugin.web.renderer com.atlassian.plugin.webresource com.atlassian.plugin.webresource.analytics com.atlassian.plugin.webresource.analytics.events com.atlassian.plugin.webresource.assembler com.atlassian.plugin.webresource.assembler.html com.atlassian.plugin.webresource.bigpipe com.atlassian.plugin.webresource.cdn com.atlassian.plugin.webresource.cdn.mapper com.atlassian.plugin.webresource.condition com.atlassian.plugin.webresource.data com.atlassian.plugin.webresource.event com.atlassian.plugin.webresource.filter.rewrite com.atlassian.plugin.webresource.graph com.atlassian.plugin.webresource.impl com.atlassian.plugin.webresource.impl.annotators com.atlassian.plugin.webresource.impl.config com.atlassian.plugin.webresource.impl.discovery com.atlassian.plugin.webresource.impl.helpers com.atlassian.plugin.webresource.impl.helpers.data com.atlassian.plugin.webresource.impl.helpers.url com.atlassian.plugin.webresource.impl.http com.atlassian.plugin.webresource.impl.snapshot com.atlassian.plugin.webresource.impl.snapshot.resource com.atlassian.plugin.webresource.impl.snapshot.resource.strategy.contentprovider com.atlassian.plugin.webresource.impl.snapshot.resource.strategy.contenttype com.atlassian.plugin.webresource.impl.snapshot.resource.strategy.path com.atlassian.plugin.webresource.impl.snapshot.resource.strategy.stream com.atlassian.plugin.webresource.impl.support com.atlassian.plugin.webresource.impl.support.factory com.atlassian.plugin.webresource.impl.support.http com.atlassian.plugin.webresource.legacy com.atlassian.plugin.webresource.models com.atlassian.plugin.webresource.prebake com.atlassian.plugin.webresource.servlet com.atlassian.plugin.webresource.transformer com.atlassian.plugin.webresource.transformer.instance com.atlassian.plugin.webresource.url com.atlassian.plugin.webresource.util com.atlassian.plugins.authentication.api.util com.atlassian.plugins.client.resource com.atlassian.plugins.license.entity com.atlassian.plugins.license.exception com.atlassian.plugins.license.model com.atlassian.plugins.license.service com.atlassian.plugins.rest.common com.atlassian.plugins.rest.common.error.jersey com.atlassian.plugins.rest.common.error.jersey.constants com.atlassian.plugins.rest.common.expand com.atlassian.plugins.rest.common.expand.entity com.atlassian.plugins.rest.common.expand.interceptor com.atlassian.plugins.rest.common.expand.parameter com.atlassian.plugins.rest.common.expand.resolver com.atlassian.plugins.rest.common.feature com.atlassian.plugins.rest.common.feature.jersey com.atlassian.plugins.rest.common.filter com.atlassian.plugins.rest.common.interceptor com.atlassian.plugins.rest.common.json com.atlassian.plugins.rest.common.multipart com.atlassian.plugins.rest.common.multipart.fileupload com.atlassian.plugins.rest.common.multipart.jersey com.atlassian.plugins.rest.common.sal.websudo com.atlassian.plugins.rest.common.security com.atlassian.plugins.rest.common.security.descriptor com.atlassian.plugins.rest.common.security.jersey com.atlassian.plugins.rest.common.template com.atlassian.plugins.rest.common.transaction com.atlassian.plugins.rest.common.util com.atlassian.plugins.rest.common.validation com.atlassian.plugins.rest.common.version com.atlassian.plugins.rest.module com.atlassian.plugins.rest.module.servlet com.atlassian.plugins.shortcuts.api com.atlassian.rest.annotation com.atlassian.sal.core.auth com.atlassian.sal.core.component com.atlassian.sal.core.csrf com.atlassian.sal.core.executor com.atlassian.sal.core.features com.atlassian.sal.core.lifecycle com.atlassian.sal.core.message com.atlassian.sal.core.net com.atlassian.sal.core.permission com.atlassian.sal.core.pluginsettings com.atlassian.sal.core.rdbms com.atlassian.sal.core.scheduling com.atlassian.sal.core.search com.atlassian.sal.core.search.parameter com.atlassian.sal.core.search.query com.atlassian.sal.core.transaction com.atlassian.sal.core.upgrade com.atlassian.sal.core.usersettings com.atlassian.sal.core.util com.atlassian.sal.core.websudo com.atlassian.sal.core.xsrf com.atlassian.sal.spi com.atlassian.scheduler.caesium.cron com.atlassian.scheduler.caesium.cron.parser com.atlassian.scheduler.caesium.cron.rule com.atlassian.scheduler.caesium.cron.rule.field com.atlassian.scheduler.caesium.impl com.atlassian.scheduler.caesium.migration com.atlassian.scheduler.caesium.spi com.atlassian.secrets com.atlassian.secrets.store.algorithm com.atlassian.secrets.store.algorithm.paramters com.atlassian.secrets.store.algorithm.serialization com.atlassian.secrets.store.aws com.atlassian.secrets.store.base64 com.atlassian.secrets.store.vault com.atlassian.secrets.store.vault.auth com.atlassian.secrets.store.vault.auth.kubernetes com.atlassian.secrets.store.vault.auth.token com.atlassian.secrets.tomcat.cipher com.atlassian.secrets.tomcat.protocol com.atlassian.secrets.tomcat.utils com.atlassian.security.java8.serialfilter com.atlassian.security.xml.libs com.atlassian.stash.internal.markup com.atlassian.stash.plugin.velocity com.atlassian.tenancy.api com.atlassian.tenancy.api.event com.atlassian.tenancy.api.helper com.atlassian.theme.internal com.atlassian.theme.internal.api com.atlassian.theme.internal.api.request com.atlassian.theme.internal.api.user com.atlassian.theme.internal.request com.atlassian.troubleshooting.api com.atlassian.troubleshooting.api.healthcheck com.atlassian.troubleshooting.api.healthcheck.exception com.atlassian.troubleshooting.api.supportzip com.atlassian.uri com.atlassian.util.concurrent com.atlassian.util.concurrent.atomic com.atlassian.util.contentcache.internal com.atlassian.util.contentcache.internal.util com.atlassian.util.integration com.atlassian.util.profiling com.atlassian.util.profiling.filters com.atlassian.util.profiling.micrometer com.atlassian.util.profiling.micrometer.analytics com.atlassian.util.profiling.micrometer.analytics.events com.atlassian.util.profiling.micrometer.util com.atlassian.util.profiling.object com.atlassian.util.profiling.strategy com.atlassian.util.profiling.strategy.impl com.atlassian.webhooks.external com.atlassian.webhooks.migration com.atlassian.webresource.api.prebake com.atlassian.zdu.internal.api com.atlassian.zdu.rest.dto com.atlassion.jwt com.fasterxml.jackson.dataformat.yaml com.fasterxml.jackson.dataformat.yaml.snakeyaml.error com.fasterxml.jackson.dataformat.yaml.util com.fasterxml.jackson.datatype.jdk8 com.fasterxml.jackson.datatype.jsr310 com.fasterxml.jackson.datatype.jsr310.deser com.fasterxml.jackson.datatype.jsr310.deser.key com.fasterxml.jackson.datatype.jsr310.ser com.fasterxml.jackson.datatype.jsr310.ser.key com.fasterxml.jackson.datatype.jsr310.util com.fasterxml.jackson.jaxrs.annotation com.fasterxml.jackson.jaxrs.base com.fasterxml.jackson.jaxrs.base.nocontent com.fasterxml.jackson.jaxrs.cfg com.fasterxml.jackson.jaxrs.json com.fasterxml.jackson.jaxrs.json.annotation com.fasterxml.jackson.jaxrs.util com.fasterxml.jackson.module.jaxb com.fasterxml.jackson.module.jaxb.deser com.fasterxml.jackson.module.jaxb.ser com.fasterxml.jackson.module.paramnames com.github.fge com.github.fge.jackson com.github.fge.jackson.jsonpointer com.github.fge.jsonschema com.github.fge.jsonschema.cfg com.github.fge.jsonschema.core com.github.fge.jsonschema.core.exceptions com.github.fge.jsonschema.core.keyword.syntax com.github.fge.jsonschema.core.keyword.syntax.checkers com.github.fge.jsonschema.core.keyword.syntax.checkers.common com.github.fge.jsonschema.core.keyword.syntax.checkers.draftv3 com.github.fge.jsonschema.core.keyword.syntax.checkers.draftv4 com.github.fge.jsonschema.core.keyword.syntax.checkers.helpers com.github.fge.jsonschema.core.keyword.syntax.checkers.hyperschema com.github.fge.jsonschema.core.keyword.syntax.dictionaries com.github.fge.jsonschema.core.load com.github.fge.jsonschema.core.load.configuration com.github.fge.jsonschema.core.load.download com.github.fge.jsonschema.core.load.uri com.github.fge.jsonschema.core.messages com.github.fge.jsonschema.core.processing com.github.fge.jsonschema.core.ref com.github.fge.jsonschema.core.report com.github.fge.jsonschema.core.tree com.github.fge.jsonschema.core.tree.key com.github.fge.jsonschema.core.util com.github.fge.jsonschema.core.util.equivalence com.github.fge.jsonschema.examples com.github.fge.jsonschema.examples.split com.github.fge.jsonschema.exceptions com.github.fge.jsonschema.format com.github.fge.jsonschema.format.common com.github.fge.jsonschema.format.draftv3 com.github.fge.jsonschema.format.extra com.github.fge.jsonschema.format.helpers com.github.fge.jsonschema.keyword.digest com.github.fge.jsonschema.keyword.digest.common com.github.fge.jsonschema.keyword.digest.draftv3 com.github.fge.jsonschema.keyword.digest.draftv4 com.github.fge.jsonschema.keyword.digest.helpers com.github.fge.jsonschema.keyword.validator com.github.fge.jsonschema.keyword.validator.common com.github.fge.jsonschema.keyword.validator.draftv3 com.github.fge.jsonschema.keyword.validator.draftv4 com.github.fge.jsonschema.keyword.validator.helpers com.github.fge.jsonschema.library com.github.fge.jsonschema.library.digest com.github.fge.jsonschema.library.format com.github.fge.jsonschema.library.validator com.github.fge.jsonschema.main com.github.fge.jsonschema.main.cli com.github.fge.jsonschema.messages com.github.fge.jsonschema.processors.build com.github.fge.jsonschema.processors.data com.github.fge.jsonschema.processors.digest com.github.fge.jsonschema.processors.format com.github.fge.jsonschema.processors.syntax com.github.fge.jsonschema.processors.validation com.github.fge.jsonschema.validator com.github.fge.msgsimple com.github.fge.msgsimple.bundle com.github.fge.msgsimple.load com.github.fge.msgsimple.locale com.github.fge.msgsimple.provider com.github.fge.msgsimple.source com.github.fge.uritemplate com.github.fge.uritemplate.expression com.github.fge.uritemplate.parse com.github.fge.uritemplate.render com.github.fge.uritemplate.vars com.github.fge.uritemplate.vars.specs com.github.fge.uritemplate.vars.values com.google.common.annotations com.google.common.base com.google.common.base.internal com.google.common.cache com.google.common.collect com.google.common.escape com.google.common.eventbus com.google.common.graph com.google.common.hash com.google.common.html com.google.common.io com.google.common.math com.google.common.net com.google.common.primitives com.google.common.reflect com.google.common.util.concurrent com.google.common.util.concurrent.internal com.google.common.xml com.google.gson com.google.gson.annotations com.google.gson.internal com.google.gson.internal.bind com.google.gson.internal.bind.util com.google.gson.internal.reflect com.google.gson.internal.sql com.google.gson.reflect com.google.gson.stream com.google.protobuf com.opensymphony.module.sitemesh.util com.opensymphony.sitemesh com.opensymphony.sitemesh.compatability com.opensymphony.sitemesh.webapp com.opensymphony.sitemesh.webapp.decorator com.rometools.rome.feed com.rometools.rome.feed.atom com.rometools.rome.io com.sun.jersey.api com.sun.jersey.api.client com.sun.jersey.api.client.async com.sun.jersey.api.client.config com.sun.jersey.api.client.filter com.sun.jersey.api.container com.sun.jersey.api.container.filter com.sun.jersey.api.container.httpserver com.sun.jersey.api.core com.sun.jersey.api.core.servlet com.sun.jersey.api.json com.sun.jersey.api.model com.sun.jersey.api.provider.jaxb com.sun.jersey.api.representation com.sun.jersey.api.uri com.sun.jersey.api.view com.sun.jersey.api.wadl.config com.sun.jersey.client.impl com.sun.jersey.client.impl.async com.sun.jersey.client.proxy com.sun.jersey.client.urlconnection com.sun.jersey.core.header com.sun.jersey.core.header.reader com.sun.jersey.core.impl.provider.entity com.sun.jersey.core.impl.provider.header com.sun.jersey.core.impl.provider.xml com.sun.jersey.core.osgi com.sun.jersey.core.provider com.sun.jersey.core.provider.jaxb com.sun.jersey.core.reflection com.sun.jersey.core.spi.component com.sun.jersey.core.spi.component.ioc com.sun.jersey.core.spi.factory com.sun.jersey.core.spi.scanning com.sun.jersey.core.spi.scanning.uri com.sun.jersey.core.util com.sun.jersey.impl com.sun.jersey.json.impl com.sun.jersey.json.impl.provider.entity com.sun.jersey.json.impl.reader com.sun.jersey.json.impl.writer com.sun.jersey.localization com.sun.jersey.server.impl com.sun.jersey.server.impl.application com.sun.jersey.server.impl.cdi com.sun.jersey.server.impl.component com.sun.jersey.server.impl.container com.sun.jersey.server.impl.container.filter com.sun.jersey.server.impl.container.httpserver com.sun.jersey.server.impl.container.servlet com.sun.jersey.server.impl.ejb com.sun.jersey.server.impl.inject com.sun.jersey.server.impl.managedbeans com.sun.jersey.server.impl.model com.sun.jersey.server.impl.model.method com.sun.jersey.server.impl.model.method.dispatch com.sun.jersey.server.impl.model.parameter com.sun.jersey.server.impl.model.parameter.multivalued com.sun.jersey.server.impl.modelapi.annotation com.sun.jersey.server.impl.modelapi.validation com.sun.jersey.server.impl.monitoring com.sun.jersey.server.impl.provider com.sun.jersey.server.impl.resource com.sun.jersey.server.impl.template com.sun.jersey.server.impl.uri com.sun.jersey.server.impl.uri.rules com.sun.jersey.server.impl.uri.rules.automata com.sun.jersey.server.impl.wadl com.sun.jersey.server.probes com.sun.jersey.server.spi.component com.sun.jersey.server.wadl com.sun.jersey.server.wadl.generators com.sun.jersey.server.wadl.generators.resourcedoc com.sun.jersey.server.wadl.generators.resourcedoc.model com.sun.jersey.server.wadl.generators.resourcedoc.xhtml com.sun.jersey.spi com.sun.jersey.spi.container com.sun.jersey.spi.container.servlet com.sun.jersey.spi.dispatch com.sun.jersey.spi.inject com.sun.jersey.spi.monitoring com.sun.jersey.spi.resource com.sun.jersey.spi.scanning com.sun.jersey.spi.scanning.servlet com.sun.jersey.spi.service com.sun.jersey.spi.template com.sun.jersey.spi.uri.rules i18n io.grpc io.grpc.protobuf io.grpc.stub io.swagger.v3.oas.annotations io.swagger.v3.oas.annotations.callbacks io.swagger.v3.oas.annotations.enums io.swagger.v3.oas.annotations.extensions io.swagger.v3.oas.annotations.headers io.swagger.v3.oas.annotations.info io.swagger.v3.oas.annotations.links io.swagger.v3.oas.annotations.media io.swagger.v3.oas.annotations.parameters io.swagger.v3.oas.annotations.responses io.swagger.v3.oas.annotations.security io.swagger.v3.oas.annotations.servers io.swagger.v3.oas.annotations.tags java.rmi.activation java.security.acl javax.activity javax.cache javax.cache.annotation javax.cache.configuration javax.cache.event javax.cache.expiry javax.cache.integration javax.cache.management javax.cache.processor javax.cache.spi javax.el javax.jws javax.jws.soap javax.persistence javax.persistence.criteria javax.persistence.metamodel javax.persistence.spi javax.rmi javax.rmi.CORBA javax.security.auth.message javax.security.auth.message.callback javax.security.auth.message.config javax.security.auth.message.module javax.transaction javax.xml.soap javax.xml.ws javax.xml.ws.handler javax.xml.ws.handler.soap javax.xml.ws.http javax.xml.ws.soap javax.xml.ws.spi javax.xml.ws.spi.http javax.xml.ws.wsaddressing net.jcip.annotations net.minidev.json net.minidev.json.annotate net.minidev.json.parser net.minidev.json.reader net.minidev.json.writer net.oauth net.oauth.signature net.oauth.signature.pem net.sf.cglib.asm net.sf.cglib.beans net.sf.cglib.core net.sf.cglib.core.internal net.sf.cglib.proxy net.sf.cglib.reflect net.sf.cglib.transform net.sf.cglib.transform.impl net.sf.cglib.util org.apache.commons.collections4 org.apache.commons.collections4.bag org.apache.commons.collections4.bidimap org.apache.commons.collections4.collection org.apache.commons.collections4.comparators org.apache.commons.collections4.functors org.apache.commons.collections4.iterators org.apache.commons.collections4.keyvalue org.apache.commons.collections4.list org.apache.commons.collections4.map org.apache.commons.collections4.multimap org.apache.commons.collections4.multiset org.apache.commons.collections4.properties org.apache.commons.collections4.queue org.apache.commons.collections4.sequence org.apache.commons.collections4.set org.apache.commons.collections4.splitmap org.apache.commons.collections4.trie org.apache.commons.collections4.trie.analyzer org.apache.commons.compress org.apache.commons.compress.archivers org.apache.commons.compress.archivers.ar org.apache.commons.compress.archivers.arj org.apache.commons.compress.archivers.cpio org.apache.commons.compress.archivers.dump org.apache.commons.compress.archivers.examples org.apache.commons.compress.archivers.jar org.apache.commons.compress.archivers.sevenz org.apache.commons.compress.archivers.tar org.apache.commons.compress.archivers.zip org.apache.commons.compress.changes org.apache.commons.compress.compressors org.apache.commons.compress.compressors.brotli org.apache.commons.compress.compressors.bzip2 org.apache.commons.compress.compressors.deflate org.apache.commons.compress.compressors.deflate64 org.apache.commons.compress.compressors.gzip org.apache.commons.compress.compressors.lz4 org.apache.commons.compress.compressors.lz77support org.apache.commons.compress.compressors.lzma org.apache.commons.compress.compressors.lzw org.apache.commons.compress.compressors.pack200 org.apache.commons.compress.compressors.snappy org.apache.commons.compress.compressors.xz org.apache.commons.compress.compressors.z org.apache.commons.compress.compressors.zstandard org.apache.commons.compress.harmony org.apache.commons.compress.harmony.archive.internal.nls org.apache.commons.compress.harmony.pack200 org.apache.commons.compress.harmony.unpack200 org.apache.commons.compress.harmony.unpack200.bytecode org.apache.commons.compress.harmony.unpack200.bytecode.forms org.apache.commons.compress.java.util.jar org.apache.commons.compress.parallel org.apache.commons.compress.utils org.apache.commons.digester org.apache.commons.digester.annotations org.apache.commons.digester.annotations.handlers org.apache.commons.digester.annotations.internal org.apache.commons.digester.annotations.providers org.apache.commons.digester.annotations.reflect org.apache.commons.digester.annotations.rules org.apache.commons.digester.annotations.spi org.apache.commons.digester.annotations.utils org.apache.commons.digester.parser org.apache.commons.digester.plugins org.apache.commons.digester.plugins.strategies org.apache.commons.digester.substitution org.apache.commons.digester.xmlrules org.apache.commons.lang org.apache.commons.lang.builder org.apache.commons.lang.enum org.apache.commons.lang.enums org.apache.commons.lang.exception org.apache.commons.lang.math org.apache.commons.lang.mutable org.apache.commons.lang.reflect org.apache.commons.lang.text org.apache.commons.lang.time org.apache.commons.pool org.apache.commons.pool.impl org.apache.commons.pool2 org.apache.commons.pool2.impl org.apache.commons.pool2.proxy org.apache.commons.validator org.apache.commons.validator.javascript org.apache.commons.validator.resources org.apache.commons.validator.routines org.apache.commons.validator.routines.checkdigit org.apache.commons.validator.util org.apache.felix.webconsole org.apache.http.impl.nio org.apache.http.impl.nio.bootstrap org.apache.http.impl.nio.client org.apache.http.impl.nio.codecs org.apache.http.impl.nio.conn org.apache.http.impl.nio.pool org.apache.http.impl.nio.reactor org.apache.http.impl.nio.ssl org.apache.http.nio org.apache.http.nio.client org.apache.http.nio.client.methods org.apache.http.nio.client.util org.apache.http.nio.conn org.apache.http.nio.conn.scheme org.apache.http.nio.conn.ssl org.apache.http.nio.entity org.apache.http.nio.params org.apache.http.nio.pool org.apache.http.nio.protocol org.apache.http.nio.reactor org.apache.http.nio.reactor.ssl org.apache.http.nio.util org.apache.log4j.helpers org.apache.log4j.spi org.apache.log4j.xml org.apache.logging.log4j.internal org.apache.logging.log4j.simple org.apache.logging.log4j.spi org.apache.logging.log4j.status org.apache.xml.serialize org.apache.xmlcommons org.codehaus.jackson org.codehaus.jackson.annotate org.codehaus.jackson.format org.codehaus.jackson.impl org.codehaus.jackson.io org.codehaus.jackson.jaxrs org.codehaus.jackson.map org.codehaus.jackson.map.annotate org.codehaus.jackson.map.deser org.codehaus.jackson.map.deser.impl org.codehaus.jackson.map.deser.std org.codehaus.jackson.map.exc org.codehaus.jackson.map.ext org.codehaus.jackson.map.introspect org.codehaus.jackson.map.jsontype org.codehaus.jackson.map.jsontype.impl org.codehaus.jackson.map.module org.codehaus.jackson.map.ser org.codehaus.jackson.map.ser.impl org.codehaus.jackson.map.ser.std org.codehaus.jackson.map.type org.codehaus.jackson.map.util org.codehaus.jackson.node org.codehaus.jackson.schema org.codehaus.jackson.sym org.codehaus.jackson.type org.codehaus.jackson.util org.codehaus.jackson.xc org.dom4j org.dom4j.bean org.dom4j.datatype org.dom4j.dom org.dom4j.dtd org.dom4j.io org.dom4j.jaxb org.dom4j.rule org.dom4j.rule.pattern org.dom4j.swing org.dom4j.tree org.dom4j.util org.dom4j.xpath org.dom4j.xpp org.hibernate.validator org.hibernate.validator.cfg org.hibernate.validator.cfg.context org.hibernate.validator.cfg.defs org.hibernate.validator.cfg.defs.br org.hibernate.validator.cfg.defs.pl org.hibernate.validator.cfg.defs.ru org.hibernate.validator.constraints org.hibernate.validator.constraints.br org.hibernate.validator.constraints.pl org.hibernate.validator.constraints.ru org.hibernate.validator.constraints.time org.hibernate.validator.constraintvalidation org.hibernate.validator.constraintvalidators org.hibernate.validator.engine org.hibernate.validator.group org.hibernate.validator.internal org.hibernate.validator.internal.cfg.context org.hibernate.validator.internal.constraintvalidators org.hibernate.validator.internal.constraintvalidators.bv org.hibernate.validator.internal.constraintvalidators.bv.money org.hibernate.validator.internal.constraintvalidators.bv.notempty org.hibernate.validator.internal.constraintvalidators.bv.number org.hibernate.validator.internal.constraintvalidators.bv.number.bound org.hibernate.validator.internal.constraintvalidators.bv.number.bound.decimal org.hibernate.validator.internal.constraintvalidators.bv.number.sign org.hibernate.validator.internal.constraintvalidators.bv.size org.hibernate.validator.internal.constraintvalidators.bv.time org.hibernate.validator.internal.constraintvalidators.bv.time.future org.hibernate.validator.internal.constraintvalidators.bv.time.futureorpresent org.hibernate.validator.internal.constraintvalidators.bv.time.past org.hibernate.validator.internal.constraintvalidators.bv.time.pastorpresent org.hibernate.validator.internal.constraintvalidators.hv org.hibernate.validator.internal.constraintvalidators.hv.br org.hibernate.validator.internal.constraintvalidators.hv.pl org.hibernate.validator.internal.constraintvalidators.hv.ru org.hibernate.validator.internal.constraintvalidators.hv.time org.hibernate.validator.internal.engine org.hibernate.validator.internal.engine.constraintdefinition org.hibernate.validator.internal.engine.constraintvalidation org.hibernate.validator.internal.engine.groups org.hibernate.validator.internal.engine.messageinterpolation org.hibernate.validator.internal.engine.messageinterpolation.el org.hibernate.validator.internal.engine.messageinterpolation.parser org.hibernate.validator.internal.engine.messageinterpolation.util org.hibernate.validator.internal.engine.path org.hibernate.validator.internal.engine.resolver org.hibernate.validator.internal.engine.scripting org.hibernate.validator.internal.engine.validationcontext org.hibernate.validator.internal.engine.valuecontext org.hibernate.validator.internal.engine.valueextraction org.hibernate.validator.internal.metadata org.hibernate.validator.internal.metadata.aggregated org.hibernate.validator.internal.metadata.aggregated.rule org.hibernate.validator.internal.metadata.core org.hibernate.validator.internal.metadata.descriptor org.hibernate.validator.internal.metadata.facets org.hibernate.validator.internal.metadata.location org.hibernate.validator.internal.metadata.provider org.hibernate.validator.internal.metadata.raw org.hibernate.validator.internal.properties org.hibernate.validator.internal.properties.javabean org.hibernate.validator.internal.util org.hibernate.validator.internal.util.annotation org.hibernate.validator.internal.util.classhierarchy org.hibernate.validator.internal.util.logging org.hibernate.validator.internal.util.logging.formatter org.hibernate.validator.internal.util.privilegedactions org.hibernate.validator.internal.util.stereotypes org.hibernate.validator.internal.xml org.hibernate.validator.internal.xml.config org.hibernate.validator.internal.xml.mapping org.hibernate.validator.messageinterpolation org.hibernate.validator.metadata org.hibernate.validator.parameternameprovider org.hibernate.validator.path org.hibernate.validator.resourceloading org.hibernate.validator.spi.cfg org.hibernate.validator.spi.group org.hibernate.validator.spi.messageinterpolation org.hibernate.validator.spi.nodenameprovider org.hibernate.validator.spi.properties org.hibernate.validator.spi.resourceloading org.hibernate.validator.spi.scripting org.jboss.logging org.jdom org.jdom.adapters org.jdom.filter org.jdom.input org.jdom.output org.jdom.transform org.jdom.xpath org.jdom2 org.jdom2.adapters org.jdom2.filter org.jdom2.input org.jdom2.input.sax org.jdom2.input.stax org.jdom2.internal org.jdom2.located org.jdom2.output org.jdom2.output.support org.jdom2.transform org.jdom2.util org.jdom2.xpath org.jdom2.xpath.jaxen org.jdom2.xpath.util org.joda.time org.joda.time.base org.joda.time.chrono org.joda.time.convert org.joda.time.field org.joda.time.format org.joda.time.tz org.joda.time.tz.data org.joda.time.tz.data.Africa org.joda.time.tz.data.America org.joda.time.tz.data.America.Argentina org.joda.time.tz.data.America.Indiana org.joda.time.tz.data.America.Kentucky org.joda.time.tz.data.America.North_Dakota org.joda.time.tz.data.Antarctica org.joda.time.tz.data.Arctic org.joda.time.tz.data.Asia org.joda.time.tz.data.Atlantic org.joda.time.tz.data.Australia org.joda.time.tz.data.Etc org.joda.time.tz.data.Europe org.joda.time.tz.data.Indian org.joda.time.tz.data.Pacific org.omg.CORBA org.omg.CORBA.DynAnyPackage org.omg.CORBA.ORBPackage org.omg.CORBA.TypeCodePackage org.omg.CORBA.portable org.omg.CORBA_2_3 org.omg.CORBA_2_3.portable org.omg.CosNaming org.omg.CosNaming.NamingContextExtPackage org.omg.CosNaming.NamingContextPackage org.omg.Dynamic org.omg.DynamicAny org.omg.DynamicAny.DynAnyFactoryPackage org.omg.DynamicAny.DynAnyPackage org.omg.IOP org.omg.IOP.CodecFactoryPackage org.omg.IOP.CodecPackage org.omg.Messaging org.omg.PortableInterceptor org.omg.PortableInterceptor.ORBInitInfoPackage org.omg.PortableServer org.omg.PortableServer.CurrentPackage org.omg.PortableServer.POAManagerPackage org.omg.PortableServer.POAPackage org.omg.PortableServer.ServantLocatorPackage org.omg.PortableServer.portable org.omg.SendingContext org.omg.stub.java.rmi org.omg.stub.javax.management.remote.rmi org.osgi.service.obr org.osgi.util org.slf4j.bridge org.slf4j.impl org.springframework.osgi.context
RefRestrictionService.match return type changeChanged the return type of RefRestrictionService.match to Map<RefChange, List<RefRestriction>> to avoid the use of a Guava Multimap.
Bitbucket 9.0 and Platform 7 have changed to use the jakarta versions of many javax dependencies. In all cases,
this involves no changes the packages/classes within. If your addon imports Bitbucket's dependencies, it will no
longer be able to use the javax version of a dependency. For example, javax.servlet:javax.servlet-api has been
replaced with jakarta.servlet:jakarta.servlet-api.
Platform 7 and Bitbucket 9.0 have rearchitected the Java APIs used to implement REST resources, which we’re calling REST v2.
Note that this isn't a change to Bitbucket's REST API, which remains largely unchanged. These changes will only impact app developers. The underlying libraries, Jackson and Jersey, have been upgraded to the latest versions. REST v2 also makes use of JAX-RS 2.
As part of this change, the following projects have been replaced with REST v2 versions:
bitbucket-rest-api has been replaced by bitbucket-rest-v2-api.bitbucket-rest-spi has been replaced by bitbucket-rest-v2-spi.bitbucket-rest-model has been removed with most classes moved to bitbucket-rest-v2-api.The REST v2 upgrade guide contains advice and examples on how to upgrade your app to use REST v2. There is further, Bitbucket-specific advice on Bitbucket REST v2 migration for app developers page.
Bitbucket 9.0 introduces a new feature to ensure an administrator's identity prior to them performing administrator
actions. Secure Administrator Sessions, also called Web Sudo, creates an extra layer of protection by prompting admins
to re-enter their passwords to access administrative functions. By default, web sudo is enabled but it can be disabled
setting the feature.websudo property in the Bitbucket home. Additionally, administrator actions can be restricted to
users from specific IP addresses by setting websudo.allowlist.patterns in the Bitbucket home.
Apps can opt into web sudo by adding the
@com.atlassian.sal.api.websudo.WebSudoRequired annotation to REST APIs that require admin access. Similarly,
servlets that require admin access should import
com.atlassian.sal.api.websudo.WebSudoManager and call the method enforceWebSudoProtection prior to allowing the user
access to administrator actions.
For further information see: Adding WebSudo support to your app.
Bitbucket 9.0 introduces changes to the way authentication and authorization are checked in endpoints defined by servlets, and with similar changes for servlet filters, since it is possible to build an endpoint in a servlet filter.
Historically Bitbucket implements authentication and authorization checks in the service layer, and it still does. However as of Bitbucket 9.0 additional tools are provided to allow coarse grained authorization checks to be performed in the presentation later.
The following annotations are available:
@SystemAdminOnly - User requires SYS_ADMIN permission.@AdminOnly - User requires ADMIN permission.@LicensedOnly - User must be authenticated.@AnonymousSiteAccess - If public access feature is enabled, then this is equivalent to @UnrestrictedAccess, if
disabled then this is equivalent to @LicensedOnly.@UnrestrictedAccess - Anonymous access allowed.These annotations exist in the com.atlassian.annotations.security Java package, and are provided by the following
Maven dependency:
1 2<dependency> <groupId>com.atlassian.annotations</groupId> <artifactId>atlassian-annotations</artifactId> <scope>provided</scope> </dependency>
By default, if no annotation is present then @LicensedOnly is assumed. This means, for servlets, a request by an
unauthenticated user will fail with status 401. And for servlet filters, the filter will not be called for requests
without authentication.
If one of the above security annotations are added ensure com.atlassian.annotations.security is OSGi imported by the
app. If an app fails to import the package then the annotation scanner will silently fail to see the annotation
and the default authentication/authorization requirement (i.e. @LicensedOnly) will be applied.
For further information see: Prepare your Data Center app to comply with secure endpoint defaults
GET /rest/mirroring/latest/progress as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers/{upstreamId}/progressGET /rest/mirroring/latest/farmNodes as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers/{upstreamId}/farmNodesGET /rest/mirroring/latest/upstreamServer as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers and /rest/mirroring/latest/upstreamServers/{upstreamId}GET /rest/mirroring/latest/mirrorRepos/{externalRepositoryId} as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers/{upstreamId}/repos/{upstreamRepoId}GET /rest/mirroring/latest/syncSettings as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers/{upstreamId}/settingsPUT /rest/mirroring/latest/syncSettings as a replacement for now deprecated PUT /rest/mirroring/latest/upstreamServers/{upstreamId}/settingsGET /rest/mirroring/latest/syncSettings/mode as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers/{upstreamId}/settings/modePUT /rest/mirroring/latest/syncSettings/mode as a replacement for now deprecated PUT /rest/mirroring/latest/upstreamServers/{upstreamId}/settings/modeGET /rest/mirroring/latest/syncSettings/projects as a replacement for now deprecated GET /rest/mirroring/latest/upstreamServers/{upstreamId}/settings/projectsPOST /rest/mirroring/latest/syncSettings/projects as a replacement for now deprecated POST /rest/mirroring/latest/upstreamServers/{upstreamId}/settings/projectsPOST /rest/mirroring/latest/syncSettings/projects/{projectId} as a replacement for now deprecated POST /rest/mirroring/latest/upstreamServers/{upstreamId}/settings/projects/{projectId}DELETE /rest/mirroring/latest/syncSettings/projects/{projectId} as a replacement for now deprecated DELETE /rest/mirroring/latest/upstreamServers/{upstreamId}/settings/projects/{projectId}GET /rest/mirroring/latest/supportInfo/projects/{projectKey}/repos/{repoSlug}/repoSyncStatusPUT /rest/mirroring/latest/mirrorServers/{mirrorId}
The request and response body don't contain the following fields and passing them in the request doesn't do anything:
addonDescriptorUri - This was only present in the request body and is no more applicable as the mirrors are not
installed as add-on on upstream.productType - This always used to be "Bitbucket".POST /rest/mirroring/latest/requests
The request and response body don't contain the following fields and passing them in the request doesn't do anything:
addonDescriptorUri - This is no more applicable as the mirrors are not installed as add-on on upstream.productType - This always used to be "Bitbucket".GET /rest/mirroring/latest/requests
The response body doesn't contain the following fields anymore:
addonDescriptorUri - This is no more applicable as the mirrors are not installed as add-on on upstream.productType - This always used to be "Bitbucket".GET /rest/mirroring/latest/requests/{mirroringRequestId}
The response body doesn't contain the following fields anymore:
addonDescriptorUri - This is no more applicable as the mirrors are not installed as add-on on upstream.productType - This always used to be "Bitbucket".GET /rest/mirroring/latest/mirrorServers
The response body doesn't contain the following field anymore:
productType - This always used to be "Bitbucket".GET /rest/mirroring/latest/mirrorServers/{mirrorId}
The response body doesn't contain the following field anymore:
productType - This always used to be "Bitbucket".GET /mirroring/latest/repos/{repoId}/mirrors now supports additional optional boolean query parameter preAuthorized.
This parameter is false if not provided and setting it to true will return the URLs which are pointing to upstream
and don't contain JWT. Starting Bitbucket 10.0, this will be the default behavior and the preAuthorized query
parameter will be removed.POST /rest/mirroring/latest/authenticate
The field requiredPermissionsOnly is removed from the request body and passing it won't do anything. For non-SSH
credentials, the response will contain only the highest global permission along with the highest repository
permission (if repository ID is also provided in the request).GET /rest/mirroring/latest/mirrorServers/{mirrorId}/token as the upstream no longer provides a JWT to
authenticate with mirrors due to a security vulnerability. Prior to 9.0.0, this end-point was used on the Mirrors
setting admin screen for generating a JWT to authorize with mirrors.GET /rest/mirroring/latest/mirrorServers/{mirrorId}/webPanels/config as this is no more applicable due to UI
changes on Mirror settings page.Tasks are now managed using Comments with BLOCKER severity. The following deprecated REST endpoints have been removed:
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/tasksGET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/blocker-commentsGET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/tasks/countGET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/blocker-comments?count=truePOST /rest/api/latest/tasksPOST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments,
passing the attribute severity set to BLOCKER.GET /rest/api/latest/tasks/{taskId}GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}PUT /rest/api/latest/tasks/{taskId}PUT /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId},
to resolve a task, pass the attribute state set to RESOLVED.DELETE /rest/api/latest/tasks/{taskId}DELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}The following mirroring REST endpoints have been removed:
This operation is now automatically triggered by a background task.
POST /rest/mirroring/latest/upstreamServers/{upstreamId}/repos/{upstreamRepoId}/synchronizationPOST /rest/mirroring/latest/upstreamServers/{upstreamId}/synchronizationStarting from 4.6.0, mirrors no longer specify a disabled lifecycle callback in their addon descriptor.
Prior to 4.6.0, this was the callback method that was called when the mirroring atlassian-connect add-on has been
disabled in the upstream server identified by upstreamId.
POST rest/mirroring/latest/upstreamServers/{upstreamId}/addon/disabledStarting from 4.6.0, mirrors no longer specify an enabled lifecycle callback in their addon descriptor.
Prior to 4.6.0, this was the callback method that was called when the mirroring atlassian-connect add-on has been
enabled in the upstream server identified by upstreamId.
POST /rest/mirroring/latest/upstreamServers/{upstreamId}/addon/enabledWeb Fragments on the source view page have been converted to Client Side Extensions (CSEs). Apps that want to extend the source view page should move the React-based CSE framework. You can read more about using CSEs here. We also have an example app that uses CSEs.
The following plugin points have been migrated to CSEs:
bitbucket.file-content.source.toolbar.primarybitbucket.file-content.source.toolbar.secondarybitbucket.file-content.diff.toolbar.primarybitbucket.file-content.diff.toolbar.secondarybitbucket.file-content.diff-view.optionsbitbucket.branch.layout.actions.dropdown (source view only)Client Side Extensions documentation
jQuery has been updated to version 3.6.0 and jQuery Migrate to version 3.4.1. If your app uses jQuery, we recommend upgrading to version 3.6.0 for best performance and compatibility going forward.
Important things to note about the frontend API changes:
Added optional draft parameter for the following endpoint to filter pull requests by draft status
GET /rest/api/latest/projects/{{projectKey}}/repos/{{repositorySlug}}/pull-requestsisDraft in PullRequestvisit in PullRequestActivityVisitor for PullRequestDraftStatusUpdatedActivityisDraft in PullRequestCreateRequestdraft in PullRequestCreateRequestPullRequestDraftStatusUpdatedActivityisDraft in PullRequestImportRequestdraft in PullRequestImportRequestDRAFT_STATUS in PullRequestOrderenumisDraft in PullRequestSearchRequestdraft in PullRequestSearchRequestPullRequestUpdatedEvent which takes previousDraft as a parameterPullRequestUpdatedEventisDraft in PullRequestUpdatedEventisPreviousDraft in PullRequestUpdatedEventisDraft in PullRequestUpdateRequestdraft in PullRequestUpdateRequestisDraft in RestPullRequesthasDraft in RestPullRequestRestPullRequestDraftStatusUpdatedActivityUpdate and retrieve the configuration for signed system commits
POST /rest/api/latest/system-signing/configurationGET /rest/api/latest/system-signing/configurationUpdated order query parameter for the following endpoint to accept a list of dimensions to order by
GET /rest/api/latest/dashboard/pull-requestsgetOrders in PullRequestSearchRequest which returns a list to order search results ingetOrder in PullRequestSearchRequestorders in PullRequestSearchRequestReturns the best common ancestor between two commits
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/merge-base?otherCommitId={otherCommitId}Return the best common ancestor between the latest commits of the source and target branches of the pull request
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/merge-base?otherCommitId={otherCommitId}getMergeBase in PullRequestServiceCreate, update, delete and get auto-merge settings at project level
PUT /rest/api/latest/projects/{projectKey}/settings/auto-mergeDELETE /rest/api/latest/projects/{projectKey}/settings/auto-mergeGET /rest/api/latest/projects/{projectKey}/settings/auto-mergeCreate, update, delete and get auto-merge settings at repository level
PUT /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/settings/auto-mergeDELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/settings/auto-mergeGET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/settings/auto-mergeRequest the system to try merging a pull request when auto-merge is already requested for it
POST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/auto-mergeCancel a request for auto-merging the pull request
DELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/auto-mergeGetting details of an auto-merge request for the pull request
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/auto-mergeAdded autoMerge field in the request body for the following endpoint to submit auto-merge request for the pull request
POST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/mergeAdded autoMerge field in the response body for the following endpoint when the action field is equal to MERGED. The new field indicates if the merged activity denotes an auto-merge action by the system or a manual merge by the user
POST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/activitiesAUTO_MERGE_CANCELLED and AUTO_MERGE_REQUESTED in PullRequestAction enum.PULL_REQUEST_AUTO_MERGE in StandardFeature enum.SimplePullRequestMergeHookRequest.Builder class that accepts additional parameter abortOnFirstVeto.PullRequestMergedEvent.isAutoMerge in PullRequestMergedEvent.isAutoMerge in PullRequestMergedActivity.isAutoMerge in RestPullRequestMergedActivity.AutoMergeCancelledReason.PullRequestAutoMergeCancelledActivity.visit method in PullRequestActivityVisitor which takes a parameter of type PullRequestAutoMergeCancelledActivity.PullRequestAutoMergeCancelledEventPullRequestAutoMergeRequestedEventAutoMergeNotRequestedExceptionAutoMergeSettingNotEnabledExceptionAutoMergeRequestAutoMergeService.AutoMergeSettings.AutoMergeProcessingResult.AutoMergeSettingsCreateRequest.AutoMergeSettingsService.rest-model module:
RestAutoMergeProcessingResultRestAutoMergeProjectSettingsRequestRestAutoMergeRequestRestAutoMergeRestrictedSettingsRestAutoMergeSettingsRestAutoMergeSettingsRequestisAutoMerge in RestPullRequestMergeRequest in rest-model module.getContext method in PullRequestMergeRequest and context method in PullRequestMergeRequest.Builder.getContext method in PullRequestMergeCommandParameters and context method in PullRequestMergeCommandParameters.Builder.getContext in MergeRequest SPI.getContext in RestPullRequestMergeRequest in rest-model module.git-api module:
GitEmptyRebaseBeforeMergeExceptionGitEmptySquashExceptionGitMergeStrategyExceptionGitRebaseBeforeMergeConflictedExceptionGitUnsupportedMergeStrategyExceptionREVERT in the ScmFeature enum.revert in ScmExtendedCommandFactory.revert in PluginExtendedCommandFactory SPI to allow SCMs to provide their own implementation
for reverting commits.RevertCommandParameters to describe a request to revert the commit.com.atlassian.bitbucket.ssh.util.KeyUtils provided by the module ssh-api, for removal in 9.0. Use third-party
alternatives for operations on SSH public keys.@EncodedPublicKey and the associated com.atlassian.bitbucket.ssh.validation.PublicKeyValidator for removal
in 9.0. Use alternate ways of validating encoded SSH public keys.isDisabled method in FeatureManager.Get active user directories, you can specify an optional query param to include inactive directories
GET /rest/api/latest/admin/user-directories?includeInactive=<includeInactive>Commit message templates are an extension on the existing Merge Strategies
If no value is provided for the template when posting to existing resources no change is made to the template. Sending an empty object for the template will remove the template.
New Java API exists to create and remove templates, but not to get rendered templates.
Create a new restriction in the given project
POST /rest/api/latest/projects/{projectKey}/settings-restrictionDelete a restriction in the given project with the provided namespace, feature key and optional component key
DELETE /rest/api/latest/projects/{projectKey}/settings-restriction?namespace=<namespace>&featureKey=<featureKey>&componentKey=<componentKey>Gets a restriction in the given project with the provided namespace, feature key and optional component key if one is present
GET /rest/api/latest/projects/{projectKey}/settings-restriction?namespace=<namespace>&featureKey=<featureKey>&componentKey=<componentKey>Gets all restriction in the given project with the provided namespace and feature key if any are present
GET /rest/api/latest/projects/{projectKey}/settings-restriction/all?namespace=<namespace>&featureKey=<featureKey>Starting 8.10, automatic branch merging feature is known as cascading merge. Following classes are deprecated for removal in 9.0:
AutomaticMergeEvent is replaced by a new class CascadingMergeEventAutomaticMergeStoppedEvent is replaced by a new class CascadingMergeStoppedEventAutomaticMergeStopReason is replaced by a new class CascadingMergeStopReasonAutomaticMergeSucceededEvent is replaced by a new class CascadingMergeSucceededEventAdded threadResolved body parameter to the following endpoints:
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}PUT /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}DELETE /rest/api/latest/admin/git/mesh/nodes/{id}Prior to 8.8, webhooks only existed at the repository level. In 8.8, we've added support for project level webhooks.
New REST endpoints:
Create a webhook in the given project
POST /rest/api/latest/projects/{projectKey}/webhooksFind webhooks in the given project
GET /rest/api/latest/projects/{projectKey}/webhooksGet a webhook in the given project
GET /rest/api/latest/projects/{projectKey}/webhooks/{webhookId}Delete a webhook in the given project
DELETE /rest/api/latest/projects/{projectKey}/webhooks/{webhookId}Update an existing webhook in the given project
PUT /rest/api/latest/projects/{projectKey}/webhooks/{webhookId}Get the latest invocations for a specific webhook in the given project
GET /rest/api/latest/projects/{projectKey}/webhooks/{webhookId}/latestGet the statistics for a specific webhook in the given project
GET /rest/api/latest/projects/{projectKey}/webhooks/{webhookId}/statisticsGet the statistics summary for a specific webhook in the given project
GET /rest/api/latest/projects/{projectKey}/webhooks/{webhookId}/statistics/summaryTest connectivity to a specific endpoint
POST /rest/api/latest/projects/{projectKey}/webhooks/test?url=<url>&?sslVerificationRequired=<true|false>Search webhooks in the given repository and parent project by scope.
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/webhooks/search?scopeType=<scopeType>RestSshKey class updated to contain created date, expiry days and last authenticated fields
Global settings that enforce the maximum expiry of SSH keys and restrictions on SSH key types
GET /rest/ssh/latest/admin
PUT /rest/ssh/latest/admin
Get supported SSH key algorithms and lengths
GET /rest/ssh/latest/admin/supported-key-typesGet SSH key by ID
GET /rest/ssh/latest/keys/{id}Inspect the contents of a mirror farm's ref changes queue
GET /rest/mirroring/latest/supportInfo/refChangesQueueGets the number of items within the ref changes queue
GET /rest/mirroring/latest/supportInfo/refChangesQueue/countGets the sync status of repositories on the mirror node
GET /rest/mirroring/latest/supportInfo/repoSyncStatusSearch direct and implied permissions of users and groups
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissions/searchGET /rest/api/latest/projects/{projectKey}/permissions/searchProject level allow list rules
GET /rest/api/latest/projects/{projectKey}/secret-scanning/allowlistPOST /rest/api/latest/projects/{projectKey}/secret-scanning/allowlistGET /rest/api/latest/projects/{projectKey}/secret-scanning/allowlist/{id}DELETE /rest/api/latest/projects/{projectKey}/secret-scanning/allowlist/{id}PUT /rest/api/latest/projects/{projectKey}/secret-scanning/allowlist/{id}Repository level allow list rules
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/allowlistPOST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/allowlistGET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/allowlist/{id}DELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/allowlist/{id}PUT /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/allowlist/{id}Project level rules
GET /rest/api/latest/projects/{projectKey}/secret-scanning/rulesPOST /rest/api/latest/projects/{projectKey}/secret-scanning/rulesGET /rest/api/latest/projects/{projectKey}/secret-scanning/rules/{id}DELETE /rest/api/latest/projects/{projectKey}/secret-scanning/rules/{id}PUT /rest/api/latest/projects/{projectKey}/secret-scanning/rules/{id}Repository level rules
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/rulesPOST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/rulesGET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/rules/{id}DELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/rules/{id}PUT /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/secret-scanning/rules/{id}Revoke all permissions for the specified project/repository for the given groups and users
DELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/permissionsDELETE /rest/api/latest/projects/{projectKey}/permissionsGlobal level rules
GET /rest/api/latest/secret-scanning/rulesPOST /rest/api/latest/secret-scanning/rulesGET /rest/api/latest/secret-scanning/rules/{id}DELETE /rest/api/latest/secret-scanning/rules/{id}PUT /rest/api/latest/secret-scanning/rules/{id}REPO_CREATE has been added as a project permission to give users more autonomy to create repositories and maintain
them. Users can now create, import and fork repositories into a project they are assigned REPO_CREATE in. When a user
creates, imports or forks a repository they will automatically be added as an admin to that repository. The user will
also have REPO_WRITE access to the project.
Microsoft Windows has always been an inferior platform for hosting Bitbucket Server when compared to Linux. Disk I/O and process forking performance is poor on Windows and this impacts Bitbucket’s performance. As a result, we have never supported Data Center licenses or licenses with more than 500 users on Windows.
Bitbucket 8.0 will not support hosting on the Windows operating system. For app developers running Windows, we recommend running Bitbucket from within Windows Subsystem for Linux or in a virtual machine.
Interfaces, classes, and methods in the Bitbucket Data Center Java API that were previously marked as deprecated have been removed.
Plugins that use any of these interfaces (which would have generated deprecation warnings when built against Bitbucket Server 7.x) generally won’t build with Bitbucket Data Center 8.x
Precompiled plugins that used any of the removed interfaces will fail to install or run in Bitbucket Data Center 8.x,
typically with java.lang.NoSuchMethodError or java.lang.ClassNotFoundExceptions.
ScmCommandBuilder changes and the GitWorkTree API
Bitbucket 8.0 includes changes to support Bitbucket Mesh, which uses replication to provide scaling and high
availability. Bitbucket needs to have strict control over updates to repositories to ensure all replicas are updated in
sync. Several commands that could earlier be invoked using ScmCommandBuilder can no longer be used directly starting in
8.0. The following is a comprehensive list of such commands:
1 2"add", "apply", "bisect", "checkout", "checkout-index", "citoool", "clean", "clone", "commit", "commit-tree", "config", "credential", "credential-cache", "credential-store", "daemon", "fast-import", "filter-branch", "gc", "gui", "imap-send", "init", "init-db", "instaweb", "ls-files", "merge-file", "merge-index", "merge-one-file", "merge-tree", "prune", "read-tree", "reflog", "reset", "restore", "rm", "stash", "send-email", "show-index", "sparse-checkout", "status", "submodule", "switch", "web--browse", "update-index", "worktree", "write-tree"
Some commands in the above list will be restricted in Bitbucket 8.0 to prevent changes that could break the replication
mechanism. Other commands only make sense in non-bare repositories and will only be supported in the context of a
GitWorkTree. The GitWorkTree API was introduced in Bitbucket 7.14 and there is an introduction to the API in the
Bitbucket 7.14 API changelog.
Removed API and REST resources related to Tasks
In Bitbucket 7.2, Tasks were replaced with “blocker comments” in order to support top-level tasks and tasks with rich
text. Details on affected classes and migration guidance can be found in the Bitbucket 7.2 API changelog.
Change in return type of RepositoryDeletedEvent.getForkIds and RepositoryDeletionRequestedEvent.getForkIds
Both these classes returned an Iterable<Integer> and have been changed to return Set<Integer> for ease of use.
Replaced Bitbucket auditing API with cross-product auditing API
Bitbucket 7.0 introduced a new cross-product audit log
that captured more events and more information about each event. It also introduced a new API for auditing events
(and a new REST API for retrieving auditing events from the database) and deprecated the Bitbucket’s old auditing API
(mostly contained within the com.atlassian.bitbucket.audit package).
Bitbucket 8.0 removes the old audit API which includes classes in com.atlassian.bitbucket.audit and a number of other
classes that converted between the old system and the new system. NOTE: Bitbucket 8.0 also removes the
old legacy REST API
for getting audit events by project or repository.
Details on the cross-product auditing log and a short introduction to the new API can be found in this post to the Atlassian developer community.
Removed API details
The following classes and interfaces have been removed in Bitbucket Server 8.0. Please see the linked Javadoc for Bitbucket Server 7.21 for informing regarding deprecation and possible alternative classes and interfaces.
AvatarDeletedExceptionBuildStatusBuildStatusServiceBuildStatusSetEventBuildStatusSetRequestBuildSummaryRestDetailedRepositoryRestDetailedRepositoryPageTaskEvent and subclasses (TaskCreatedEvent, TaskDeletedEvent, TaskUpdatedEvent)In addition, deprecated methods in existing classes and interfaces across the whole Bitbucket Data Center API have been removed:
NavBuilder methods related to the Jira commit checker and the old way of building attachments.Consult the Bitbucket Server 7.21 Java API Reference for details on the removed methods, and their alternatives in Bitbucket Server 8.x.
In Bitbucket 7.0, we redesigned the pull request experience to bring a slew of new features and better performance.
Bitbucket 8.0 introduces the same experience to other areas in Bitbucket where we show code diffs: the commit diff page, the create pull request page and the branch compare page. As a result, plugin points on these pages will no longer render. Frontend plugin points on these pages will need to change, similar to what was required for the original pull request update.
CI tools can now create build statuses with UNKNOWN and CANCELLED state.
Consumers of build statuses should also update their integrations to handle these possible states on a build status.
There is currently a bug in the Web Resource Manager that means some plugin internationalization may not work as expected. The workaround to this bug is documented in this post in our developer forums.
SearchInformationService#getElasticsearchVersion() has been deprecated and will be removed in Bitbucket Server 8.0.
SearchInformationService#getDistribution() and SearchInformationService#getVersion() should be used instead.
RepositoryBuildStatusDeletedEvent which is raised when the build status is removed.lastUpdated in RepositoryBuildStatusSetRequest to fix the problem of showing stale build status.
A CI tool can set this field while sending build-status using
builds REST endpoint.New REST endpoints:
GET /rest/access-tokens/1.0/projects/{projectKey} and GET /rest/access-tokens/1.0/projects/{projectKey}/repos/{repositorySlug}get HTTP tokens for the provided project or repository
PUT /rest/access-tokens/1.0/projects/{projectKey} and PUT /rest/access-tokens/1.0/projects/{projectKey}/repos/{repositorySlug}create an HTTP token for the provided project or repository
GET, DELETE, POST /rest/access-tokens/1.0/projects/{projectKey}/{tokenId} and GET, DELETE, POST /rest/access-tokens/1.0/projects/{projectKey}/repos/{repositorySlug}get, delete or modify the provided token
New REST endpoints:
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/deployments?key=<key>&environmentKey=<environmentKey>&deploymentSequenceNumber=<deploymentSequenceNumber>get the deployment matching the specified repositorySlug, key, environmentKey and deploymentSequenceNumber.
DELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/deployments?key=<key>&environmentKey=<environmentKey>&deploymentSequenceNumber=<deploymentSequenceNumber>delete the deployment matching the specified repositorySlug, key, environmentKey and deploymentSequenceNumber.
POST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/deploymentscreate or update a deployment.
New Java and REST API methods have been added to configure Branch deletion on merge for Project and Repository.
DeleteAfterMergeConfigurationService.deleteConfiguration(scope), DeleteAfterMergeConfigurationService.getConfiguration(scope) and DeleteAfterMergeConfigurationService.setConfiguration(DeleteAfterMergeConfigurationRequest) introduce the ability
to configure Branch deletion on merge feature.
New REST endpoints:
PROJECT
GET /rest/branch-utils/latest/projects/{key}/delete-after-mergeget if the feature is enabled for a Project.
POST /rest/branch-utils/latest/projects/{key}/delete-after-mergeenable or disable the feature for a Project.
REPOSITORY
GET /rest/branch-utils/latest/projects/{key}/repos/{slug}/delete-after-mergeget if the configuration is enabled for a Repository.
POST /rest/branch-utils/latest/projects/{key}/repos/{slug}/delete-after-mergeenable or disable the configuration for a Repository.
DELETE /rest/branch-utils/latest/projects/{key}/repos/{slug}/delete-after-mergedelete the configuration for a Repository.
Bitbucket 7.14 uses a different mechanism for repository size calculation to make it more efficient. Following changes are done in the Bitbucket API/SPI:
repositorySize is added to ScmCommandFactory.ScmService#getSize is deprecated and will be removed in 8.0. This method is replaced by
ScmCommandFactory#repositorySize.RepositorySize that represents the size of a repository.RepositorySizeCommandParameters that represents the additional command parameters provided to the
ScmCommandFactory#repositorySize method.repositorySize is added to PluginCommandFactory SPI with a default implementation that returns aSimpleCommand returning repository size as null. The default implementation will be removed in 8.0.Scm#getSize is deprecated and will be removed in 8.0. This method is replaced by
PluginCommandFactory#repositorySize.repositorySize is added to GitCommandFactory to return a GitCommand for calculating the repository
size.GitCountObjectsBuilder for building git count-objects command.countObjects is added to GitScmCommandBuilder for creating an instance of GitCountObjectsBuilder.RepositoryService#getSize uses the new command returned by ScmCommandFactory#repositorySize. A cached value is
returned which may not be updated immediately after the content changes. Also, this method uses different
configuration for timeout and returns 0 when the underlying command times out.Bitbucket 7.14 introduces a new API for dealing with worktree paths in repositories. A worktree is a temporary location on disk associated with a change operation and is deleted when the operation completes or when the expiry time defined for the worktree has been reached. These are different from Git worktrees which allow managing multiple generally long-lived additional working copies for a single repository.
Historically, apps that wanted to create new (merge) commits could use the free-form API exposed by ScmCommandBuilder to
manually set up a worktree using git clone --no-checkout. That will no longer be possible from 8.0 because Bitbucket Server
is moving to a model where Git repositories can be moved to external nodes.
As a result, it will no longer be possible to run free-form git commands to (efficiently) set up local worktrees. To
address this, Bitbucket 7.14 introduces a new GitWorkTree API to allow apps to set up and work with worktrees in a way that
will work with repositories hosted on external nodes. The newly introduced GitWorkTreeBuilder can be used to create
a GitWorkTree for a given Repository, perform operations in the context of the GitWorkTree, and optionally publish
the changes back to the Repository.
App developers are strongly encouraged to investigate whether their existing apps can be built with the new API as soon as possible and provide feedback. The initial API in Bitbucket Server 7.14 should cover many use cases, but it may have gaps that would be blockers for some apps. If app developers wait until Bitbucket Server 8.0 forces them to adopt the new API, they may find it’s not possible.
In addition, since Bitbucket Mesh will use replication to provide scaling and high availability, Bitbucket needs
to have strict control over updates to repositories to ensure all replicas are updated in sync. Several commands that
could earlier be invoked using ScmCommandBuilder can no longer be used directly starting 8.0. Following is a
comprehensive list of such commands:
1 2"add", "apply", "bisect", "checkout", "checkout-index", "citoool", "clean", "clone", "commit", "commit-tree", "config", "credential", "credential-cache", "credential-store", "daemon", "fast-import", "filter-branch", "gc", "gui", "imap-send", "init", "init-db", "instaweb", "ls-files", "merge-file", "merge-index", "merge-one-file", "merge-tree", "prune", "read-tree", "reflog", "reset", "restore", "rm", "stash", "send-email", "show-index", "sparse-checkout", "status", "submodule", "switch", "web--browse", "update-index", "worktree", "write-tree"
Some of the commands in the above list will be restricted in Bitbucket 8.0 to prevent changes that could break the
replication mechanism. Other commands only make sense in non-bare repositories and will only be supported in the
context of a GitWorkTree.
The basic workflow for creating a set of changes in a repository using the new GitWorkTree API looks like the following:
Create a new GitWorkTreeBuilder for the repository using GitWorkTreeBuilderFactory#builder(Repository).
Create a new temporary GitWorkTree using the GitWorkTreeBuilder. This worktree is automatically deleted after the
operation completes.
Specify the commit the worktree should check out using GitWorkTreeBuilder#commit(String).
Use GitWorkTreeBuilder#execute(GitWorkTreeCallback) to execute the desired change operation in the context of the
temporary GitWorkTree.
Add or edit files using GitWorkTree#write(String, Charset, IoConsumer), or use GitWorkTree#builder() to manipulate
the index directly (though Git operations such as rm and mv) and/or to create new commits.
Use GitWorkTree#publish(PublishGitWorkTreeParameters) to publish the HEAD commit of the worktree to the repository,
using PublishGitWorkTreeParameters.Builder#branch(String, String) to specify the target branch to update. A single
branch can be updated at a time, but it is possible to call GitWorkTree#publish(PublishGitWorkTreeParameters)
more than once to update different branches in the lifetime of a single GitWorkTree.
For a more complete example, refer to this page.
In Bitbucket 7.14, the following new REST end-points are added for build-status:
GET /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/buildsDELETE /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/buildsThe following REST end-points are deprecated:
GET /rest/api/1.0/build-status/latest/commits/{commitId}POST /rest/api/1.0/build-status/latest/commits/{commitId}In Bitbucket 7.13, Bitbucket Data Center introduces a way to create reviewer groups to add to pull requests. Reviewer groups can be created on a project and repository context by users with admin permissions.
New REST endpoints:
PROJECT
GET /rest/api/latest/projects/{key}/settings/reviewer-groups/get all the reviewer groups of a Project.
GET /rest/api/latest/projects/{key}/settings/reviewer-groups/{id}get a specific reviewer group given the specified ID.
POST /rest/api/latest/projects/{key}/settings/reviewer-groups/create a reviewer group.
PUT /rest/api/latest/projects/{key}/settings/reviewer-groups/{id}update the name and users of a reviewer group given a specified ID.
DELETE /rest/api/latest/projects/{key}/settings/reviewer-groups/{id}delete the reviewer group given a specified ID.
REPOSITORY
GET /rest/api/latest/projects/{key}/repos/{slug}/settings/reviewer-groups/get all the reviewer groups of a Repository.
GET /rest/api/latest/projects/{key}/repos/{slug}/settings/reviewer-groups/{id}get a specific reviewer group given a specified ID.
GET /rest/api/latest/projects/{key}/repos/{slug}/settings/reviewer-groups/{id}/usersretrieve the users of a reviewer group. This does not return all the users of the group, only the users who have REPO_READ permission for the specified repository.
POST /rest/api/latest/projects/{key}/repos/{slug}/settings/reviewer-groups/create a reviewer group.
PUT /rest/api/latest/projects/{key}/repos/{slug}/settings/reviewer-groups/{id}update the name and users of a reviewer group with a specified ID.
DELETE /rest/api/latest/projects/{key}/repos/{slug}/settings/reviewer-groups/{id}delete the reviewer group given a specified ID.
The new ReviewerGroupService introduces this ability to create, edit and delete reviewer groups.
Starting with Bitbucket 7.9, Bitbucket Data Center can be upgraded without downtime through a rolling upgrade. The administrative actions required to orchestrate a rolling upgrade (such as enable upgrade mode or approve upgrade) can be triggered via the Bitbucket REST API. For more details see the Rolling Upgrades REST API documentation.
In Bitbucket 7.9 we have updated the Bitbucket API, ClusterNode, to expose getBuildVersion. When called, the semantic
Bitbucket version running on the queried node is returned. Additionally, when calling the /rest/api/1.0/admin/cluster
REST endpoint, each node result will include its version.
The enum type,ApplicationState, was updated as part of Bitbucket 7.9 to include the value UNKNOWN. This new enum
value is used to indicate that the application is in an indeterminate state.
A new SPI ShutdownHook allows components to respond to system shutdown as soon as it is initiated. When the Bitbucket
JVM is terminated gracefully (and not killed immediately), components are shutdown in different phases over a period of
time. Components implementing ShutdownHook are the first ones to be notified by invoking
ShutdownHook.startShutdown, which give them opportunity to prepare for shutdown e.g. drain tasks, flush data,
"finalize" the state before shutdown. ShutdownHook receives Duration as parameter in ShutdownHook.startShutdown,
which is the longest system will wait for it to finish its processing before shutdown process continues without it and
eventually terminates it.
A new SPI com.atlassian.bitbucket.build.server.PluginBuildServerProvider allows plugins to act as a proxy between
Bitbucket Server and a CI tool. Implement this class, and register it in the plugin's atlassian-plugin.xml file using:
1 2<build-server-provider key="my-ci-tool-provider" class="com.my.plugin.MyBuildServerProvider"/>
This will allow Bitbucket Server to call on the plugin when a build status is created using
com.atlassian.bitbucket.build.server.PluginBuildServerProvider.getBuildServer
in order to record the build status as being associated with that plugin.
Build statuses that have a build server will be able to:
com.atlassian.bitbucket.build.server.BuildStatusEnrichercom.atlassian.bitbucket.build.server.operations.PluginBuildServerClient.getAuthorizationUrlcom.atlassian.bitbucket.build.server.operations.PluginBuildServerClient.getOperations and
com.atlassian.bitbucket.build.server.operations.PluginBuildServerClient.performActionStarting in Bitbucket 7.7 responding to comments became more interesting and fun. We have added the ability to add emoji to any comment. Any "like" that is already present on a comment will be migrated and represented as a "thumbsup" emoji instead now.
CommentReactionService.addReaction, CommentReactionService.removeReaction, and CommentReactionService.getReaction
introduce this ability to add a reaction, remove a reaction, and check whether a user has reacted to a comment with a
specific reaction respectively.
New REST endpoints:
PUT /rest/api/latest/projects/{key}/repos/{slug}/pull-requests/{id}/comments/{comment_id}/reactions/{emoticon}can be used to add a specific emoji to a specific comment. The request header should have
Content-Type: application/json.
DELETE /rest/api/latest/projects/{key}/repos/{slug}/pull-requests/{id}/comments/{comment_id}/reactions/{emoticon}can be used to remove a specific emoji to a specific comment.
NOTE: CommentLikeService has been marked as deprecated as of Bitbucket Server 7.7 and is due to be removed in
Bitbucket Server 8.0. It has been replaced by the new CommentReactionService. App developers who rely on the
CommentLikeService are strongly encouraged to update their code to use the new CommentReactionService directly as
soon as possible to add reactions, remove reactions and get reactions.
In Bitbucket Server 7.7 there is a new pull request review workflow that allows an authenticated user with permission to interact with a pull request to add draft comments only visible to that authenticated user. Once the authenticated user is finished with their pull request review they can batch publish their draft comments so that other users can see the comments.
New events that are included in this change are:
PullRequestReviewCommentAddedEvent - which is raised when a draft comment is added to a pull request.PullRequestReviewCommentRepliedEvent - which is raised when a draft reply comment is added to a pull request.PullRequestReviewDiscardedEvent - which is raised when a pull request review with draft comments is discarded.PullRequestReviewFinishedEvent - which is raised when a pull request review with draft comments is completed.The CommentState enum has also been modified to include PENDING.
PullRequestService.discardReview, PullRequestService.finishReview, and PullRequestService.getReviewThreads are new
methods that discard a pull request review for the authenticated user, complete and finish a pull request review
for the authenticated user, and get all the comment threads with draft comments for a pull request respectively.
CommentDao.deleteBatch has been added which deletes a batch of comments.
CommentThreadDao.searchPending has been added to get all the CommentThreads that have at least one draft comment.
There are three restrictions though on this method where the Commentable supplied matches the comment, the author ID
matches, and the comment state is PENDING.
The new REST endpoints:
DELETE /rest/api/latest/projects/{key}/repos/{slug}/pull-requests/{id}/reviewcan be used to delete/discard a pull request review for the authenticated user.
GET /rest/api/latest/projects/{key}/repos/{slug}/pull-requests/{id}/reviewcan be used to get all the comment threads which have draft comments for a pull request review for the authenticated user.
PUT /rest/api/latest/projects/{key}/repos/{slug}/pull-requests/{id}/reviewcan be used to finish a pull request review and publish all the draft comments for the authenticated user so that other users can see the comments.
In Bitbucket Server 7.6 we updated the Client-side Extensions to the latest
version 1.2.0. This version introduces the PageExtensions
extension type that can be used to create custom pages in Bitbucket product by plugin developers.
Refer to the creating page guide and the Client-side Extensions changelog for more information about the changes.
Starting in Bitbucket Server 7.4, hosting requests (think git clone, git fetch, git push, etc.) made via HTTP now use
ServletRequest.startAsync
to perform request processing using a separate ExecutorService, rather than one of Tomcat's container threads. This frees
up container threads to serve REST and UI requests instead, to ensure heavy hosting load doesn't impact UI responsiveness.
It also allows use of Servlet 3.1's ReadListener and WriteListener to perform non-blocking I/O while handling requests,
which allows Bitbucket Server to significantly reduce the number of threads used when running git http-backend.
If your app registers any Servlet Filters, or provides any HttpScmRequests, this new async functionality may impact
your app.
Apps can register their own Servlet Filters to be included in the FilterChain by using the <servlet-filter/> module
descriptor. In Bitbucket Server 7.4, Filters registered this way are assumed to support async, and must explicitly opt
out by adding <async-supported>false</async-supported> like this:
1 2<servlet-filter name="My Filter" key="my-filter" class="com.atlassian.example.web.MyFilter" location="before-login"> <async-supported>false</async-supported> <!-- If you want your filter applied to the ASYNC dispatcher, you must specify that explicitly in your dispatcher list here. e.g. ASYNC,FORWARD,REQUEST. Including the ASYNC dispatcher on a filter that doesn't support async makes no sense. --> <dispatcher>REQUEST</dispatcher> <url-pattern>*</url-pattern> </servlet-filter>
Explicitly disabling async support on your filter will prevent Bitbucket Server from using Servlet 3.1 non-blocking I/O for
HTTP hosting, because ReadListener and WriteListener can only be used on async requests. This will negatively impact
scalability, as performing hosting operations using blocking I/O requires extra threads and imposes more overhead. Setting
<async-supported>false</async-supported> is intended to be a workaround to allow app-provided Filters to block async
handling while they're updated to handle async requests.
Many Filters will work correctly for async requests without any changes:
1 2public class MyFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { //If your filter applies logic here, it will generally work async without changes. //If your filter wraps the ServletRequest or ServletResponse, those wrappers may be //used on another thread if the request is processed asynchronously. Generally that //shouldn't matter, but it's something to be aware of. chain.doFilter(request, response); //If your filter applies logic here, it will likely require updates to work correctly. } //Other methods omitted for brevity. }
For Filter implementations that have code after chain.doFilter, for async requests the request will not be completed
when that code is reached. Such Filters need to be updated to check request.isAsyncStarted():
1 2@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { chain.doFilter(request, response); if (request.isAsyncStarted()) { //The request is running asynchronously. Register an AsyncListener to be notified when //the request completes. If the request has already completed (which, due to threading, //may be possible), the container will immediately call onComplete on the listener when //it's registered with the AsyncContext here. //You have to check isAsyncStarted() before calling getAsyncContext() or it may throw //an exception if the request is not async. request.getAsyncContext().addListener(new AsyncListener() { @Override public void onComplete(AsyncEvent event) { //At this point the async request has completed, so run any "after" logic. //You can get the "most wrapped" ServletRequest and ServletResponse from the //AsyncContext like this: AsyncContext context = event.getAsyncContext(); runAfter(context.getRequest(), context.getResponse()); //Or you can use the ones provided to doFilter, which were provided when the //AsyncListener is registered, if you passed them to addListener. If you use //addListener(AsyncListener) the "supplied" request/response will be null. //runAfter(event.getSuppliedRequest(), event.getSuppliedResponse()); } //There are other methods on the interface, but onComplete is generally what filters //that had processing after chain.doFilter care about. Note that onComplete will be //called even if onError or onTimeout are called; it will be called after them. }, request, response); //<- These will be the "supplied" request/response on AsyncEvent. } else { //The request was processed synchronously, so it's already complete. runAfter(request, response); } } private void runAfter(ServletRequest request, ServletResponse response) { //This is the logic that would have been after chain.doFilter }
HttpScmRequestHandlers and HttpScmRequestsA new isAsyncSupported() property has been added to HttpScmRequest. The default is false, so, unlike Filters, app-provided
HttpScmRequest implementations will not automatically start running async. After doing local testing, app developers can override
the default to indicate their HttpScmRequests support async.
Even if an HttpScmRequest returns true for isAsyncSupported(), it cannot assume it will be run that way. If any app-provided
Filters block async, or if a system administrator has globally disabled async handling, HttpScmRequest implementations will be
called synchronously. HttpScmRequests can check isAsyncStarted() on the HttpServletRequest to determine whether the request is
running synchronously or asynchronously.
HttpScmRequests do not need to use non-blocking handling for async requests. There's no requirement that they check
isAsyncStarted() and have special handling for async. In general, existing blocking handling will work as-is whether a
request is run synchronously or asynchronously. The check simply allows HttpScmRequests the opportunity to use async
features like ReadListener and WriteListener if they choose.
1 2public class MyHttpScmRequestHandler implements HttpScmRequestHandler { @Nonnull @Override public Optional<HttpScmRequest> create(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response) { //Don't check request.isAsyncStarted() here. The system doesn't start async processing until //it has verified an HttpScmRequest can be created, so it won't be async yet. return Optional.of(new MyHttpScmRequest(request, response)); } //Other methods omitted for brevity. } public class MyHttpScmRequest implements HttpScmRequest { private final HttpServletRequest request; private final HttpServletResponse response; public MyHttpScmRequest(HttpServletRequest request, HttpServletResponse response) { this.request = request; this.response = response; } @Override public void handleRequest() throws IOException { //Inside handleRequest() it's safe to check isAsyncStarted(). If the request is going to be //processed asynchronously, it will have happened by now. if (request.isAsyncStarted()) { //The request is running asynchronously. That means non-blocking features like ReadListener //and WriteListener are available. } else { //Even though this implementation _supports_ async, either we're deployed in Bitbucket Server //7.3 or older, or something else has blocked the request from running asynchronously. } } //This override can be _present_ even if the app still supports Bitbucket Server 7.3 and older; older //versions simply will not check it, and will always process requests synchronously. //Note that, if you want to compile your app against an older version of the HttpScmRequest SPI to //ensure compatibility with pre-7.4 versions, you can still add this method to allow 7.4+ to run your //HttpScmRequest asynchronously; just omit the @Override so it will compile. @Override public boolean isAsyncSupported() { return true; } //Other methods omitted for brevity. }
In Bitbucket Server 7.4 there is a new REST endpoint that supports receiving significantly more build information from a build server. This new information is presented in various places on the product, for the 7.4 release this is most prominent as a builds tab. To receive rich build-status the CI tool needs to POST Build Status via the new REST endpoint to Bitbucket Server.
New REST endpoint:
POST /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/builds
We recommend using this new endpoint as it provides a better experience for users with additional test summary and duration displayed in the UI.
System admins can now configure the permission level needed to delete a repository by setting a repository delete policy.
The permissions for setting a repository delete policy are SYS_ADMIN, ADMIN, PROJECT_ADMIN and REPO_ADMIN.
New REST endpoints:
PUT /rest/policies/latest/admin/repos/deleteGET /rest/policies/latest/admin/repos/deleteChanged REST endpoint:
POST /rest/api/1.0/admin/license
Returns a 400 status if the license is being changed from Server to DC, and there are Add-ons installed which will need license upgrades to DC licenses. If a parameter confirmWarning=true is supplied the license will be applied anyway and a 200 status returned.Internationalization has been introduced into auditing. This has resulted in a number of changes in the Bitbucket API:
AuditCategory are now i18n property keys instead of hard-coded English values@Auditable annotation now has an action field which can be used to explicitly specify an action (instead of
having it be the class name), and this the specified action can be an i18n property keycategory field of @Auditable can now be an i18n property key (the system will attempt to translate the
provided key, and will fallback to using it as a hard-coded English value if no property exists with that key); note
that all of the constants provided in AuditCategory are valid i18n keysAdditionally, the auditing model has been extended to allow setting i18n keys in place of hard-coded English values:
AuditEvent.Builder constructors which take hard-coded action and category fields have been deprecated
(AuditEvent.Builder(type) can be used instead)AuditEvent.Builder, actionI18nKey(..)/categoryI18nKey(..) replacing the now deprecated
action(..)/category(..)AuditType.fromI18nKeys(area, level, categoryI18nKey, actionI18nKey) replacing the now deprecated
AuditType(area, category, action, level)AuditEvent.fromI18nKeys(categoryI18nKey, actionI18nKey, level) replacing the now deprecated
AuditEvent.builder(action, category, level)AuditAttribute.fromI18nKeys(nameI18nKey, value) replacing the now deprecated new AuditAttribute(name, value)ChangedValue.fromI18nKeys(i18nKey) and using the builder to set the from and to replacing the now deprecated
new ChangedValue(key, from, to)A number of application published audited events have changed to being audited internally. These events no longer have
an @Audited annotation, and the associated converters have been deprecated.
AutomaticMergeEvent and AutomaticMergeConverterRefRestrictionEvent and RefRestrictionEventConverterSshAccessKeyEvent and SshAccessKeyEventConverterSshKeyEvent and SshKeyEventConverterConstructors have been deprecated (and replaced by constructors with additional fields) in the following application published events:
HookScriptUpdatedEventRefRestrictionUpdatedEventRepositoryHookSettingsChangedEventRepositoryDefaultBranchModifiedEventIn Bitbucket Server 7.2 we are adding the ability to search for repositories via REST that have a specific file at the root level of the repository.
The new REST search endpoint is:
GET /rest/search/latest/repos-matching-root-file?rootFile=<filename>&query=<general query term>The query parameters which are both mandatory include:
rootFile which is the specific file at the root level of the repository, for example pom.xmlquery which is a general query term, for example my-repository or project-abcTasks have been deprecated and replaced by Comments with severity=BLOCKER
NOTE: App developers who use tasks are strongly encouraged to update their code to use CommentService directly as
soon as possible to create, retrieve and update BLOCKER comments; TaskService is now just
a facade for that one.
NOTE: BLOCKER comments have existed since 6.7, however, prior to 7.0 they are not
treated as tasks. Apps that wish to retain semantic compatibility with 6.x must continue using the
TaskService until support for pre-7.0 releases can be dropped.
Implementing tasks as BLOCKER comments imposes two semantics-breaking changes despite remaining
API-compatible with previous releases:
In addition to those semantics-breaking changes, there are other implications that may be worth noting:
BLOCKER comments created using the CommentService directly are included in task results,
unless they are root comments (i.e. they have no parent). It was not, and still is not, possible to
create a task without an anchoring comment, so root BLOCKER comments cannot be treated as tasks because
they would violate the nullability contract for Task#getAnchorBLOCKER comments created and/or updated using the task API still have their whitespace normalizedBLOCKER reply on the anchoring commentBLOCKER replyBLOCKER replyAll of the types in com.atlassian.bitbucket.task have been deprecated and replaced with BLOCKER Comments. The
following classes are deprecated:
IllegalTaskStateExceptionNoSuchTaskExceptionTaskTaskAnchorTaskAnchorTypeTaskAnchorVisitorTaskCountTaskCreateRequestTaskOperationsTaskServiceTaskStateTaskUpdateRequestThe Task REST API is deprecated, and instead the existing Comment REST API should be used as follows:
POST /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments
(passing the attribute severity set to BLOCKER)DELETE /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}GET /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}PUT /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/comments/{commentId}state set to RESOLVED)A new REST endpoint has been added for retrieving the BLOCKER comments for a pull request -
GET /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/pull-requests/{pullRequestId}/blocker-comments
It can take the following optional query parameters:
count=true to return only a count of the blocker comments (and not the comments themselves), grouped by statestate=OPEN|RESOLVED to return the blocker comments matching the given stateBitbucket Server 7.0 includes a major overhaul to how auditing works for the application. This includes an extended model for representing auditing data, new categorization metadata associated with every event, and changes to how audit events are provided and consumed by plugins.
Prior to 7.0, audit events were represented by an AuditEntry on a Bitbucket Server AuditEvent. This has been replaced by a different AuditEvent, which is a cross-product replacement.
A legacy AuditEntry maps to a new AuditEvent as follows:
AuditEntry.getAction() has been replaced by AuditEvent.getAction()AuditEntry.getProject() and AuditEntry.getRepository() have been replaced by AuditEvent.getAffectedObjects() (where a project or a repository is represented by an AuditResource)AuditEntry.getDetails() and AuditEntry.getTarget() have no direct replacements, but can be represented as an AuditAttribute, which is what the system will do internally when converting from AuditEntry into AuditEvent (note that these are not guaranteed to be present on system events after 7.0, and associated data will likely be represented differently)AuditEntry.getDate(), AuditEntry.getSourceIpAddress() and AuditEntry.getUser() have no replacements, but are set automatically by the system as part of processing the event, and are part of the AuditEntity constructed from the AuditEvent as AuditEntity.getTimestamp(), AuditEntity.getSource() and AuditEntity.getAuthor() respectivelyPrior to 7.0, plugin developers were able to add audited events to the system by annotating an event with @Audited and implementing an AuditEntryConverter. Plugin developers could also publish a Bitbucket Server AuditEvent directly. These methods of providing auditing events have been deprecated in 7.0 for removal in 8.0. These legacy methods of providing auditing events to the system do so via the deprecated AuditEntry model. The application internally makes a best effort conversion to the new AuditEvent model, which may not result in the new model being used completely.
It is recommended that plugin developers switch to using @Auditable with an AuditEventConverter. This is the new audit event provider API added in 7.0, which is used to convert directly to the new AuditEvent model. This way plugin developers can directly construct their AuditEvent and have better control over what information is included in the audit event.
The concept of audit Priority (and the associated enum) have been deprecated in 7.0 for removal in 8.0. A Priority set on an @Audited annotation will be ignored (so all events are audited regardless of priority). From 7.0 onward, using CoverageArea and CoverageLevel (via the new @Auditable annotation) can be used to attach metadata to an event to control when it should be audited.
The concept of Channels (and the associated class) have been been deprecated in 7.0 for removal in 8.0. From 7.0 onward, AuditResource's should be added to the affectedObjects property of the AuditEvent instead. AuditUtils has helper methods that can be used to create AuditResources for projects and repositories. Adding a project affectedObject ensures the audited event will appear in the project audit log, and adding a repository affectedObject ensures the audited event will appear in the repository audit log. Multiple affectedObjects can be added to a single AuditEvent if desired.
From 7.0 onward, a Channel set on an @Audited annotation will be automatically converted into a project and/or repository affectedObject, if the relevant entity is present on the AuditEntry. However it is recommended that plugin developers which to using @Auditable to be able to specify affectedObjects directly.
Prior to 7.0, plugin developers were able to listen to the Bitbucket Server AuditEvent and consume all auditing events raised by the system and other plugins. The application includes logging auditing to both a file and the database, but this allowed plugins to add additional consumers. From 7.0 onward, the application will no longer publish AuditEvent - it is only being retained as a deprecated provider API until 8.0.
Instead, any plugin wishing to consume audit events must switch to implementing the new AuditConsumer SPI from 7.0 onward.
Prior to 7.0, certain repository and project audited actions were stored in the database, and could be retrieved via AuditService. This service has been deprecated in 7.0 for removal in 8.0. Instead, any plugin wishing to retrieve audit events should use AuditSearchService.
In Bitbucket Server 7.0 we are adding new Java and REST methods for saving, updating, removing and retrieving metadata for any new attachments that are added to a pull request.
AttachmentService.saveMetadata, AttachmentService.deleteMetadata, and AttachmentService.getMetadata introduce this ability to save, update, remove and retrieve any new attachment's metadata on a pull request respectively.
New REST endpoints:
PUT /rest/api/latest/projects/KEY/repos/SLUG/attachments/ID/metadatacan be used to save and update attachment metadata. The request header should have Content-Type: application/json and the data sent needs to be valid JSON.
DELETE /rest/api/latest/projects/KEY/repos/SLUG/attachments/ID/metadatacan be used to delete attachment metadata.
GET /rest/api/latest/projects/KEY/repos/SLUG/attachments/ID/metadatacan be used to retrieve attachment metadata.
In Bitbucket Server 7.0 we shipped a new pull request experience, which resulted in a number of changes to the API.
We have removed support for the existing Client Web Fragments on the pull request page and replaced them with Client-side Extensions. This will require manual migration of plugins to using Client-side Extensions in order for them to continue working on the pull request page.
We plan to continue deprecating support for Client Web Fragments and adding support for Client-side Extensions in more locations throughout Bitbucket Server.
The bitbucket.page.pullRequest.view web resource context has been renamed to bitbucket.page.pullRequest.detail. This means that for any resources you need on the page that aren't loaded via Client-side Extensions, you will need to update the context property of the relevant Web Resource.
Support for the bitbucket.pullrequest.view plugin decorator was removed in Bitbucket Server 7.0.
String InsightAnnotation.getPath() has been deprecated and will be removed in Bitbucket Server 8.0. Please use Optional<String> InsightAnnotation.getFilePath() instead.com.atlassian.bitbucket.scm.BaseCommand, a base implementation of the AsyncCommand and Command interfaces which uses Atlassian Process Utils to run processes has been
deprecated for removal without replacement in Bitbucket Server 8.0. App developers who use BaseCommand directly should update their apps to use one of Bitbucket Server's
CommandBuilder mechanisms instead:
Note App developers must not assume that AsyncCommand and Command instances returned by builders, or by the Git SCM's *CommandFactory types, are derived from
BaseCommand. The builder and command factory interfaces only guarantee AsyncCommand and Command types; the specific implementations for those interfaces can
change at any time, in any release.
Additionally, all of the types in com.atlassian.bitbucket.scm.ssh and com.atlassian.bitbucket.web.cgi, which are used to implement HTTP(S) and SSH hosting support for Git,
have been deprecated for removal without replacement in Bitbucket Server 8.0. The following classes are deprecated:
AbstractSshStreamHandlerBaseCgiHandlerCgiEnvironmentUtilsCgiInputHandlerCgiOutputHandlerSshCommandExitHandlerSshInputHandlerSshOutputHandlerIn Bitbucket Server 6.8 we have added CDN support for caching static assets(such as JavaScript, CSS, and fonts). This includes static resources that are served by plugins. With this change, we are moving to stateless delivery of JavaScript and CSS resources. Apps that don't use the new APIs for web-resource transforms and conditions may cause static assets to be cached incorrectly.
The following web-resource transforms and conditions have been deprecated:
com.atlassian.plugin.webresource.transformer.WebResourceTransformercom.atlassian.plugin.web.ConditionSee Stateless web-resource transforms and conditions to make sure your app is using the new APIs for web-resource transforms and conditions.
New Java and REST API methods have been added for retrieving patches of repositories and pull requests.
ContentService.streamPatch(PatchRequest, TypeAwareOutputSupplier) and ScmExtendedCommandFactory.patch(PatchCommandParameters, TypeAwareOutputSupplier) introduce the ability
to stream a patch for a given commit or commit range, along with the new ScmFeature.PATCH feature.
Two new REST endpoints:
GET /rest/api/latest/projects/KEY/repos/SLUG/pull-requests/<pullRequestId>.patchGET /rest/api/latest/projects/KEY/repos/SLUG/patch?since=<sinceHash>&until=<untilHash>&allAncestors=[true|false]can be used to retrieve associated patch details via REST.
New Java and REST API methods have been added for retrieving the raw text diff of repositories and pull requests.
PullRequestService.streamDiff(PullRequestDiffRequest, TypeAwareOutputSupplier), ContentService.streamDiff(DiffRequest, TypeAwareOutputSupplier) and ScmCommandFactory.diff(DiffCommandParameters, TypeAwareOutputSupplier) introduce the ability
to stream a raw text diff for a given pull request or commit range.
A new REST endpoint:
GET /rest/api/latest/projects/KEY/repos/SLUG/pull-requests/<pullRequestId>.diff?contextLines=<contextLines>can be used to retrieve the raw diff for a particular pull request.
Three existing REST endpoints:
GET /rest/api/latest/projects/KEY/repos/SLUG/pull-requests/diff/<pullRequestId>?contextLines<contextLines>=&sinceId=<sinceHash>&untilId=<untilHash>GET /rest/api/latest/projects/KEY/repos/SLUG/diff?contextLines<contextLines>=&since=<sinceHash>&until=<untilHash>GET /rest/api/latest/projects/KEY/repos/SLUG/commits/<commit_id>/diff?contextLines=<contextLines>&since=<sinceHash>can be called with the request header Accept: text/plain to retrieve the raw text representation of the diff.
Eight new CancelableEvents
allow plugins to veto the creation, modification and deletion of comments:
CommitDiscussionCommentAddRequestedEventCommitDiscussionCommentDeletionRequestedEventCommitDiscussionCommentModificationRequestedEventCommitDiscussionCommentReplyRequestedEventPullRequestCommentAddRequestedEventPullRequestCommentDeletionRequestedEventPullRequestCommentModificationRequestedEventPullRequestCommentReplyRequestedEventInterfaces, classes, and methods in the Bitbucket Server Java API that were previously marked as deprecated have been removed.
Plugins that use any of these interfaces (which would have generated deprecation warnings when built against Bitbucket Server 5.x) generally won’t build with Bitbucket Server 6.x
Precompiled plugins that used any of the removed interfaces will fail to install or run in Bitbucket Server 6.x,
typically with java.lang.NoSuchMethodError or java.lang.ClassNotFoundExceptions.
Removal of the legacy Repository Hooks API
Bitbucket Server 5.0 introduced a new Repository Hooks and Merge Checks API. In 6.0 the legacy API has been removed. For an overview of the new API please see the Repository Hooks and Merge Checks Guide.
Removal of direct access to repositories on disk
In Bitbucket Server 5.10 direct access to the Bitbucket managed repositories on disk for plugins was deprecated. In 6.0 the deprecated API that permitted this has been removed. For further information please refer to the changelog entry for 5.10.
Removal of Notifications SPI
All public SPI available in the package com.atlassian.bitbucket.notification has been removed without replacement.
Removal of Search API
The packages com.atlassian.bitbucket.search and com.atlassian.elasticsearch.client were previously exported
and available for plugins to use. These however were just implementation classes and not part of a useful search API.
These packages are no longer exported as of 6.0.
Removal of Dev status API
The packages com.atlassian.devstatus and com.atlassian.devstatus.vcs were previously exported and available for
plugins to use. These however were just implementation classes and not part of useful API. These packages are no longer
exported as of 6.0.
Removed API details
The following classes and interfaces have been removed in Bitbucket Server 6.0. Please see the linked Javadoc for Bitbucket Server 5.16 for informing regarding deprecation and possible alternative classes and interfaces.
AbstractEffectivePermissionVisitorAsyncPostReceiveRepositoryHookBranchChangeRequestedEventBranchCreationRequestedEventBranchDeletionRequestedEventEffectiveGlobalPermissionEffectivePermissionEffectivePermissionVisitorEffectivePermissionsChangedEventEffectivePermissionsProviderEffectiveProjectPermissionEffectiveRepositoryPermissionFileEditRequestedEventIllegalUserStateExceptionMergeRequestCheckPostReceiveHookPreReceiveHookPreReceiveRepositoryHookPullRequestCommitCommentAddedEventRefChangeRequestedEventRepositoryHookImplementorRepositoryMergeRequestCheckRepositorySettingsValidatorRestEffectiveGlobalPermissionRestEffectivePermissionRestEffectiveProjectPermissionRestEffectiveRepositoryPermissionRestPullRequestMergeVetoSimpleEffectiveGlobalPermissionSimpleEffectivePermissionBaseSimpleEffectiveProjectPermissionSimpleEffectiveRepositoryPermissionSimpleEffectiveResourcePermissionBaseTagChangeRequestedEventTagCreationRequestedEventTagDeletionRequestedEventWebHookEventIdIn addition, deprecated methods in existing classes and interfaces across the whole Bitbucket Server API have been removed.
Consult the Bitbucket Server 5.16 Java API Reference for details on the removed methods, and their alternatives in Bitbucket Server 6.x.
Previously plugins written in Scala were able to depend on Bitbucket Server to provide the Scala runtime library (org.scala-lang:scala-library) as as such did not need to bundle it in the plugin. As of Bitbucket Server 6.0 this dependency is no longer provided/exported.
Bitbucket Server 6.0 upgrades Atlassian User Interface (AUI) from 7.x to 8.0 For more information on upgrading to AUI 8 see the AUI 8 upgrade guide.
Though they were never API, some plugins have depended on web-resources in the plugin
com.atlassian.bitbucket.server.bitbucket-web. In 6.0, most of the dependencies will stop working. Please use an
equivalent public API, if available.
Some exceptions were made for heavily used resources, but these will eventually be replaced with supportable
implementations of API and will also be removed a future major version update.
The temporary exceptions are:
Similar to the above, some internal AMD modules were depended on by plugins. In 6.0, third-party plugins that depend on
modules starting with bitbucket/internal/ will stop working. Where an equivalent public API
is available, use that. Otherwise, consider implementing your own version of the functionality. Some exceptions were
made for heavily used modules, but these will eventually be replaced with supportable implementations of API and will
also be removed removed a future major version update.
The temporary exceptions are:
Events (consumed using bitbucket/util/events) starting with bitbucket.internal have never been official API but
will no longer be able to be subscribed to and should not be considered stable or part of any official API.
As a result of the changes to internal JS events and other changes, the TextView API (which was only accessibly via an
internal event) will no longer be accessible. The TextView API could be used for modifying the source or diff view.
Where possible it is suggested to use Code Insights to display extra information on a diff. Key methods of the TextView
API were addLineClass, addLineWidget, and registerGutter/setGutterMarker.
Custom file-handlers are no longer supported for diff views (but continue to be supported for source views). Any custom file-handlers registered for diff-views will be ignored when resolving the appropriate handler.
In Bitbucket Server 5.16 we have introduced the ability for admins to erase personally identifiable user data for a deleted
user. Personally identifiable user data stored in third party plugins will not be erased, unless those plugins implement their
own com.atlassian.bitbucket.user.UserErasureHandler. For the erasure process to pick up these implementations, they have to
be defined as a com.atlassian.bitbucket.user.UserErasureModuleDescriptor module in the plugin's atlassian-plugin.xml file.
See the module description for <user-erasure-handler>
for more information.
In Bitbucket Server 5.15 we have introduced a feature to display the results of static analysis on a pull request in the form of a report and annotations. This has included both Java and REST API for adding, modifying and deleting reports and annotations. See this how-to guide for more details.
In Bitbucket Server 5.14 we have introduced a feature for migrating projects and repositories between Bitbucket installations.
Data provided by third party plugins will not be migrated, unless those plugins implement their own
com.atlassian.bitbucket.migration.Exporter and com.atlassian.bitbucket.migration.Importer. For the migration process to
pick up these implementations, they have to be defined as a com.atlassian.bitbucket.migration.MigrationHandlerModuleDescriptor
module in the plugin's atlassian-plugin.xml file. See the module description for <migration-handler>
for more information.
In Bitbucket Server 5.11 we are adding Java and REST API methods for retrieving the pull requests containing a
specified commit. PullRequestService.countByCommit and PullRequestService.searchByCommit introduce the ability
to count or search pull requests associated with a specific commit. A new REST endpoint
(/rest/api/latest/projects/KEY/repos/SLUG/commits/{commitId}/pull-requests) allows retrieval of associated pull
requests via REST.
In Bitbucket Server 5.10 we've made the difficult decision to deprecate direct access to our repositories on disk for apps. The ability to access to repositories on disk will be removed in 6.0. Deprecated interfaces and methods which will be removed without replacement include:
ApplicationPropertiesService.getRepositoriesDir()ApplicationPropertiesService.getRepositoryDir(Repository)GitAgent (All methods)
RefService insteadGitScmConfig (All methods)
GitScm.getVersion() has been added to continue to provide access to the detected Git versionScmHookDetails.getEnvironment()Apps which directly access repository directories and use JGit to interact with their contents will no longer be able to
do so. Apps which otherwise read or modify repository contents, such as installing, updating or removing hooks, will no
longer be able to do so. Executing processes other than git in repository directories will also no longer be possible.
Apps which use API services like CommitService, ContentService and RefService will be unaffected. Additionally, our
CommandBuilder API (including GitCommandBuilderFactory and GitScmCommandBuilder) is also unaffected, continuing to
allow app developers the ability to build and execute arbitrary git commands. Going forward, our APIs will be the only
available mechanism for interacting with repository contents.
Building a system which can scale from 10 users to 50,000+ users is complicated, and there's a balance that has to be struck between our desire to provide a flexible, rich API and SPI to empower our ecosystem and the need to continuously improve how the system scales for ever-increasing user counts. We recognize that this is a decision which will negatively impact some existing apps, and those who use them. It's been a difficult decision to make internally, and one we take very seriously. However, as we consider our roadmap going forward, and the features we want to add, especially around scalability, it has become apparent that it will not be possible to deliver on our roadmap the way we want to while apps are able to make direct modifications to repositories without using our API--aside from retrieving the directory--to do so. Supporting direct access to repositories severely limits our guarantees around repository state, and about when repositories are and are not being updated, and those limitations in turn prevent us from implementing much-requested features like read-only mode and sharded repository storage.
In Bitbucket Server 5.10 we are adding an API service for managing watchable entities: the WatcherService.
Watchable.getWatchers() has been deprecated and WatcherService.search should be used instead. The existing Watchable's
(CommitDiscussion and PullRequest) will still return their watchers from getWatchers() until the method is removed in 6.0.
Repository is a new Watchable and has had a getWatchers() method added to it for compatibility, but the method is a no-op
and will be removed in 6.0 also.
In Bitbucket Server 5.5 we are adding API to allow plugins to restrict or extend the permissions granted to a user on
a resource. Plugins may implement PermissionVoterProvider to create a PermissionVoter and register the provider
in the permission-voter-provider tag in atlassian-plugin.xml in order to 'vote' on whether a user is allowed access
to a given resource. For the permission check to succeed, at least one PermissionVoter must return a result of
PermissionVote.GRANT. If all PermissionVoters abstain, or any PermissionVoter returns a result of PermissionVote.VETO,
the permission check is unsuccessful and the user is not allowed to carry out the requested operation.
In addition to this, we are also adding a new permission level, Permission.USER_ADMIN, which represents access to change
the account configuration of a user (such as SSH keys, GPG keys, personal tokens and password). The permission cannot be
granted to any user/group, but callers can check for this permission using the newly added
PermissionService.hasUserPermission methods.
HttpAuthenticationHandler.authenticate and SshAuthenticationHandler.authenticate return an ApplicationUser only,
with no ability for AuthenticationHandlers to add their own context. This method has been deprecated (for removal in 6.0)
in favor of the new HttpAuthenticationHandler.performAuthentication and SshAuthenticationHandler.performAuthentication
which returns an AuthenticationResult which contains the authenticated ApplicationUser and authentication properties
provided by the handler.
In Bitbucket Server 5.4 we are adding a Webhooks API to allow plugins to publish webhooks. Plugins will be able to import
the WebhooksService from com.atlassian.webhooks to use this new feature. Plugins are also able to register to filter
webhook invocations, as well as enrich invocations. This allows fine grained control over which webhooks are fired, as
well as the http details for each of them. To find out more, check out WebhookFilter and WebhookRequestEnricher.
If your plugin would like to set the payload body of a webhook, please export a WebhookPayloadProvider. By default
Bitbucket knows how to serialize certain application events, but if you're publishing custom webhooks, ensure that you
provide a payload provider if you require a HTTP body in your webhook.
The Webhooks API source code and documentation can be found here.
Bitbucket Server 5.0.0 added an OSGi export for net.i2p.crypto.eddsa* packages as part of upgrading the SSH library
the system uses. Bitbucket Server 5.4.0 removes that export, as newer versions of the SSH library require a new version
of the net.i2p.crypto:eddsa library which is API-incompatible with the previously-exported version.
Any app relying on net.i2p.crypto.eddsa packages via an OSGi import should be updated to bundle their required
version of the library instead.
In Bitbucket Server 5.2 we are updating the hooks API to allow hooks to be configured at both a Project and a
Repsitory level. Because of this, methods on the RepositoryHookService will now take a Scope object rather than
a Repository object to encapsulate the Project or Repository scope to which the settings and enabled/disabled
state can be applied. Additionally, in order to make the hooks API more usable, many methods now take 'request objects'
(e.g. DeleteRepositoryHookRequest, RepositoryHookSearchRequest, SetRepositoryHookSettingsRequest) which is a wrapper
around the Scope and other arguments required by the method. For more information on the new API and how to use it,
see the Repository Hooks and Merge Checks Guide
In Bitbucket Server 5.1 we are introducing the ability to delete pull requests. A new method is available on the
PullRequestService to trigger a pull request deletion. Furthermore a cancelable PullRequestDeletionRequestedEvent
was added, which allows plugins to veto a pull request's deletion.
We're calling attention to this change to remind plugin and integration developers that pull requests and all their
associated data, like comments, can disappear, and any code integrating with Bitbucket needs to account for this.
As announced in the 4.11 release the Comment API has been replaced with a more usable and maintainable alternative.
A Comment now has a reference to a CommentThread which binds an entire conversation together. Comment threads
provide API clients with access to:
rootCommentCommentThreadDiffAnchor (not available for pull request general comments)
which points to the location in the diff where the comment was addedCommentable (currently either a PullRequest or a CommitDiscussion) which serves as the context
for the threadWe have also introduced the CommentService which centralizes all comment-related APIs removing the duplication
previously seen in CommitService and PullRequestService.
In Bitbucket Server 5.0 we are introducing a new API for Hooks. This API will replace the existing hooks API and the merge checks API. This new API makes retrieving added and removed commits much simpler and more efficient. For more information on the new API and how to use it, see the Repository Hooks and Merge Checks Guide.
The legacy Hooks API has been deprecated for removal in Bitbucket Server 6.0.
Interfaces, classes, and methods in the Bitbucket Server Java API that were previously marked as deprecated have been removed.
Plugins that use any of these interfaces (which would have generated deprecation warnings when built against Bitbucket Server 4.x) generally won't build with Bitbucket Server 5.x
Precompiled plugins that used any of the removed interfaces will fail to install or
run in Bitbucket Server 5.x, typically with java.lang.NoSuchMethodError.
Deprecated APIs have been documented in the Bitbucket Server 4.14 Java API Reference for Bitbucket Server 5.0.
The following classes and interfaces have been removed in Bitbucket Server 5.0. Please see the linked Javadoc for Bitbucket Server 4.14 for informing regarding deprecation and possible alternative classes and interfaces.
AbstractAddCommentRequestAbstractAddFileCommentRequestAbstractAddLineCommentRequestAddDiffCommentRequestDiffCommentAnchorAddCommitFileCommentRequestAddCommitLineCommentRequestAddPullRequestFileCommentRequestAddPullRequestLineCommentRequestCommitCommentAnchorSearchRequestCommitDiscussionCommentAnchorVersionTrackerFileEditCanceledExceptionBranchCreationCanceledExceptionBranchDeletionCanceledExceptionPullRequestApprovalEventPullRequestApprovedEventPullRequestRolesUpdatedEventPullRequestUnapprovedEventTagCreationCanceledExceptionTagDeletionCanceledExceptionPostReceiveHookModuleDescriptorPreReceiveHookModuleDescriptorCommitCommentAddedPullRequestNotificationCommitCommentRepliedPullRequestNotificationPullRequestCommentAnchorDiffTypePullRequestDiffCommentAnchorPullRequestMergeCanceledExceptionPullRequestRescopeAnalyzerRestDiffCommentAnchorRestPullRequestDiffCommentAnchorMergeCanceledExceptionMergeRequestCheckModuleDescriptorRepositoryRescopeCommandParametersHasPullRequestApproveConditionIsNormalUserConditionIn addition, deprecated methods in existing classes and interfaces across the whole Bitbucket Server API have been removed.
Consult the Bitbucket Server 4.14 Java API Reference for details on the removed methods, and their alternatives in Bitbucket Server 5.x.
Although the bitbucket-parent Maven POM file is not considered stable API, an upgrade to the version of the Mockito
mocking framework is worth noting. Plugins that either use bitbucket-parent as their parent POM or import it for
the purposes of "dependencyManagement" may see changes to test code as the specific Mockito version dependency may
be inherited from bitbucket-parent.
Note: The Mockito framework is a test dependency only and its upgrade will not impact a plugin's compatibility with Bitbucket Server 4.13.
The upgrade from Mockito 1.x to 2.x involves a number of breaking changes. Plugin developers are encouraged to update unit tests where Mockito is used, and can find more information at What's new in Mockito 2.
For plugin developers who wish to depend on the bitbucket-parent artifact at version 4.13 or later, but still wish
to continue using Mockito 1.x, can override the dependency in the POM for their own plugin. Simply add the following
dependency to your plugin's pom.xml:
1 2<dependencies> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>1.10.19</version> <scope>test</scope> </dependency> </dependencies>
In this release we've deprecated the Comments API to make way for a more usable and maintainable alternative.
In our efforts to evolve, maintain and consume the API we've found:
Commentable) from a CommentThe upcoming API (to be published in our 5.0 release) will address these issues through the following semantic changes (and possibly others):
CommentThread interface will be introduced to be the common denominator in a conversationComment will link back to the thread it belongs to for easy access to the conversationComment anchors will be redesigned to remove duplicate informationCommentService will be made available to simplify how plugin developers create, edit and remove commentsIn Bitbucket Server 4.10 we upgraded AUI to version 6.0.0, which no longer bundles Raphael. The Raphael bundled with AUI was never a part of our API, it was an AUI implementation detail, however we have included a separate Raphael dependency in this version as we are aware of some apps using the Raphael that AUI exposed. This dependency is deprecated and will be removed in Bitbucket Server 5.0. If your app requires Raphael, you should bundle your own version of Raphael (or another drawing library).
Prior to Bitbucket Server 4.6 in the case where a user had set their Bitbucket Server language in their Account settings
to "Automatically detect browser setting", and had a language set in their browser that was not one of the languages for
which a language pack was installed in Bitbucket Server, calling getLocale on the SAL LocaleResolver would return
a Locale based on the preferred locale they had set in their browser.
In Bitbucket Server 4.6+ the Locale returned will be the Locale that is the closest match for an installed language.
This is a more correct implementation of the LocaleResolver API description which states that getLocale should
return "the Locale that should be used in internationalization and localization", as now this Locale will match that
used by other parts of the system for internationalization and localization.
The web sections and web items at the following locations and sections have been deprecated:
The web items have been moved into a '...' dropdown menu as menu items, and if you were relying on specific DOM rendering of your plugin, it may cease to function. We no longer refresh the page after a merge or decline, and a reviewer can be added to the pull request without a page refresh. This means your web-item may be out of date in these cases.
A live JS event handling the click event of elements matching your styleClass or <link id="" /> will continue to
function until 5.0. You should convert your web-items into client-web-items
and add them directly to the new section 'bitbucket.pullrequest.action'. You should remove any intermediary web-sections.
PullRequestRolesUpdatedEvent has been deprecated for removal in 5.0. Plugin developers who wish to be notified
when a user is added/removed as a reviewer should use PullRequestReviewersUpdatedEvent instead
FileContentCache now requires a FileContentCacheManager as a constructor dependency. The recommended way to build a
FileContentCache is now to use the FileContentCacheManager.Builder a FileContentCache can then be created by
calling FileContentCacheManager#createContentCache. NOTE Special care must be taken when migrating to the
FileContentCacheManager to ensure that cacheDirectory paths remain correct.
e.g.
1 2File cacheDirectory = new File(propertiesService.getCacheDir(), CACHE_REGION); new FileContentCache(CACHE_KEY, cacheDirectory, new TtlCacheExpiryStrategy(), minFreeSpace, cachePump);
becomes
1 2File cacheDirectory = new File(propertiesService.getCacheDir()); FileContentCache cache = new FileContentCacheManager.Builder(cacheDirectory) .minFreeSpaceBytes(minFreeSpace) .streamPumper(cachePump) .build() .getCache(CACHE_REGION);
The BranchPermissionService and version 1.0 of the branch permissions REST API are being deprecated.
In Stash 3.10 we are introducing several new types of branch permissions and are adding the ability to add restrictions based on the branching model.
As a result, we are introducing a new service to interact with branch permissions, the
RefRestrictionService.
This service can be accessed by adding ref-restriction-api to your pom.xml as a dependency using:
1 2<dependency> <groupId>com.atlassian.stash</groupId> <artifactId>stash-ref-restriction-api</artifactId> <scope>provided</scope> </dependency>
Along with this change, we are updating the version of the branch permissions REST API to version 2.0. It is important to note that any REST calls to branch permissions version 1.0 using 'latest' in the REST URLs should be changed to use '1.0' instead, as version 2.0 of the REST API is not backwards compatible.
We've added new APIs to create, update and remove branch permissions:
RefRestrictionServiceAdditionally we have added the ref-restriction-spi, which provides interfaces to allow plugin developers to create
their own RefMatcher implementations. This opens up the possibility of customizing what type of Ref is restricted
by a given branch permission. Add the following to your dependencies to use the ref-restriction-spi:
1 2<dependency> <groupId>com.atlassian.stash</groupId> <artifactId>stash-ref-restriction-spi</artifactId> <scope>provided</scope> </dependency>
RefServiceThe RepositoryMetadataService is used to retrieve branches and tags for a repository. The "repository metadata" name
isn't very self-documenting. Since the service is used to interact with the refs in a repository, it has been renamed
to the RefService. The RepositoryMetadataService will remain available to plugins until it is removed in with the
4.0 release.
As part of the ongoing work to normalize the API to use "commit" instead of "changeset", the ChangesetReader has
been deprecated and CommitReader has been added to take its place.
The format constants previously public on ChangesetReader are now private on CommitReader. Having the constants
exposed made changing the format a semantically incompatible change because any plugins relying directly on those
constants and not using the ChangesetReadert to parse the output would be broken. If plugins are parsing output
for themselves, they should use their own format. If they're using the CommitReader to parse the output, they
should call getFormat() on the instantiated reader to get the format and make no assumptions about the format
returned.
Throughout the Stash codebase there's been a bit of a split between the term "changeset" and the term "commit". The two have often been used interchangeably, but each represents a distinct concept:
Changeset in StashDetailedChangeset in Stash because the name Changeset was already takenStarting from 3.7 Stash's API is being normalized, replacing Changeset with Commit and replacing DetailedChangeset
with Changeset. Because this normalization will touch so many classes and interfaces, the deprecated elements will be
retained through the entire 4.x release cycle and will be removed in 4.0. This means plugins developed using the now-
deprecated names will continue to work, unchanged, until 4.0.
Stash 3.7 includes the following changes related to this API normalization:
MinimalChangeset,
Changeset
and DetailedChangeset
interfaces have been deprecated
InternalMinimalChangeset, InternalChangeset and InternalDetailedChangeset)
have been deprecatedChangesetsBetweenRequest, DetailedChangesetsRequest) have been deprecatedChangesetCallback, and all of its related classes, has been deprecatedMinimalCommit,
Commit
and Changeset
interfaces have been added
SimpleMinimalCommit, SimpleCommit and SimpleChangeset) have been addedCommitRequest, CommitsRequest, CommitsBetweenRequest and ChangesetsRequest) have
been addedCommitCallback, and related classes, has been addedChangeset and DetailedChangeset types have been deprecated, with new
variants that return the new Commit and Changeset types added alongside themFor those implementing the SCM SPI or directly using the SCM API, Stash 3.7 introduces:
Unfortunately, because PluginCommandFactory (and the more user-facing ScmCommandFactory) use the names commit and
commits for their methods which return Command<Changeset> and Command<Page<Changeset>>, respectively, there is no
backward-compatible way to introduce methods which return Command<Commit> and Command<Page<Commit>>. Because of
this, the SCM contract will be broken in the Stash 4.0 release.
ScmCommandFactory
interface
Additional changes may be made in Stash 3.8, and subsequent releases, to further normalize the API. The goal of these
changes is for Stash 4.0 to have a consistent, clear API. If your plugins use the existing Changeset API we
strongly encourage you to start updating them to use the new Commit API as soon as possible, and to keep an eye out
for EAP builds of Stash 4.0 so you can verify their compatibility with the next major release.
In Stash 3.7, the last timestamp for users' most recent authentication is now tracked. This information cannot be reconstructed retroactively, so after the upgrade each user will have an unknown timestamp. Their next authentication will set that to the current time, and it will be tracked and updated going forward.
Authenticating via the web UI's login screen, via HTTP (pushing to or pulling from a repository over HTTP, for example) or via SSH will all update the last authentication timestamp. Browsing via the web UI will not update the timestamp for each page viewed; the timestamp will only be updated when the user gets a new session with the server. If the user has checked "Remember me", each time they get a new session with the server (generally after ~30 minutes of inactivity), their timestamp will be updated when their new session is created.
The existing DetailedUser
has a new getLastAuthenticationTimestamp() accessor. That property is marshaled as "lastAuthenticationTimestamp" when
the DetailedUser is returned via REST.
See the documentation for /admin/users for example JSON.
In Stash 3.7, plugins can add custom sections in the pull request notifications. For an example, see the new Comment Likes notifications. Adding custom notifications is performed as follows:
CustomPullRequestNotificationEvent (using SAL's
EventPublisher); the event should include a renderer ID, the intended recipients of the notification, plus any
data needed to render the notification encapsulated in a CustomNotificationData object (for example in Comment Like
notifications, this includes the comment ID, plus the user ID of the user who liked the comment);CustomPullRequestNotificationEvent, transforming the CustomNotificationData
into a CustomNotificationSection rendered in the notification's email.Note that the data provided by the event (CustomPullRequestNotificationEvent.getData()) should be as lightweight as
possible because it is persisted as JSON data in the database for any recipient configured to receive batched
notifications. For example, use IDs (such as the repository ID and pull request ID for a pull request) rather than
the full object (such as a pull request instance).
Custom notification renderers are registered by implementing the interface
CustomPullRequestNotificationRenderer
in a plugin and declaring it in the plugin's atlassian-plugin.xml as follows:
1 2<custom-pull-request-notification-renderer key="my-custom-notification-renderer" class="com.myorganisation.MyCustomNotificationRenderer"/>
In Stash 3.7, plugins can add custom actions to notification emails associated with pull request comments. For example,
the 'Like' and 'Reply' links in pull request comment emails are implemented as custom actions. To add your own custom
action to pull request notifications, declare a web-item in your plugin's atlassian-plugin.xml with
section="stash.notification.comment.actions", and a <link> to the URL you want the user to navigate to when clicking
on the action. For example:
1 2<web-item key="my-comment-action" name="My Comment Action" section="stash.notification.comment.actions"> <label key="com.myorganisation.comment.action.label" /> <tooltip key="com.myorganisation.comment.action.tooltip" /> <link>https://stash.mycompany.com/plugins/servlet/custom-action-servlet/${pullRequest.toRef.project.key}/${pullRequest.toRef.repository.slug}/${pullRequest.id}?commentId=${comment.id}</link> </web-item>
The custom action renders as a link below each comment in immediate and batched email notifications. Define the link
that your custom action navigates to, e.g. a servlet in your plugin that performs an action before navigating to the
pull request page, or a link that navigates to the comment on the pull request page and performs some action there.
The ${pullRequest} and ${comment} variables are provided in the notification context to help render the web-item's
link (e.g. ${pullRequest.id} and ${comment.id}).
In Stash 3.4, the closure template (soy) compiler was upgraded to the latest version as part of the upgrade of Atlassian Soy. This includes the removal of some legacy APIs as well as a stricter compiler of soy templates. The compiler is stricter than the old compiler so some templates which were previously allow may start to have compilation errors. It is possible to write templates which are compatible with both versions. Below are some of the common errors which may occur as part of the upgrade and how to fix them.
Example:
1 2template stash.feature.pullRequest.mergeHelpDialog: Call to 'aui.dialog.dialog2' is missing required param 'content'.
This is due to the strictness change in the soy compiler. the parameter on the sub template is defined as required but you are not providing it to the call. You must either mark the parameter on the sub template as optional or pass in a value for the parameter.
This is due to a change in the soy compiler where it represents numbers as longs where it previously represented them
as integers. This exception is most likely coming from a custom soy function you have written. Cast to a Number
instead and call .intValue() or .longValue().
The comment likes feature introduced in 3.5 comes with Java and REST APIs that may be used to add, remove and query comment likes programmatically:
CommentLikeServiceSelected domain objects in Stash that inherit from PropertySupport
can now have custom information associated with them. The data is stored against an entity using
PropertyMap,
which is essentially a map of string keys to any type of value. Properties supersede the
AttributeSupport
API as a more flexible alternative, with the latter being deprecated and scheduled for removal in Stash 4.0.
Alongside AttributeSupport the following attribute provider plugin modules have been deprecated and replaced with a
property provider alternative. Plugin developers are encouraged to switch to property providers, as the replaced modules
will be removed in Stash 4.0:
comment-property-provider
instead of the comment-attribute-providerpull-request-property-provider
instead of the pull-request-attribute-providerProperties must be convertible to JSON, or otherwise REST requests to resources including properties will fail.
In Stash 3.3, short SHA-1s are no longer generated by Git. Instead, they are now generated using a fixed length of 11
characters. This change was made because generating short SHA-1s in Git requires it to load the SHA-1s of every object
in the repository for consideration. For larger repositories this produces a significant amount of overhead, slowing
down several pages in Stash such as listing a repository's commits and displaying individual commits. This overhead is
compounded when using a filesystem such as NFS for STASH_HOME or STASH_SHARED_HOME.
11 characters was chosen as the default length because it greatly increases the number of objects a repository needs to have in order to have a high chance of conflict on a given short SHA-1:
All URLs in Stash use full 40 character SHA-1s so, even if there is a conflict on a given 11 character short SHA-1, navigating Stash will not be affected. Longer short SHA-1s are used to reduce the likelihood that copying a short SHA-1 from the UI, since those are all the UI generally displays, and pasting it into a console window, or any other external Git tool, will fail due to ambiguity.
As part of making this change, ChangesetReader.FORMAT, part of stash-scm-git-common, was changed to eliminate the
%h and %p elements. Any plugin code which just uses the ChangesetReader should not require a change, as long as
they pass ChangesetReader.getFormat() to --format on their command, but any plugin code which directly references
ChangesetReader.FORMAT and then does its own parsing will no longer work.
As part of Stash 3.2, the home directory was re-organized. The following changes have been made:
data/ directory has been moved to shared/data/config/ directory has moved to shared/configplugins/installed-plugins/ directory has moved to shared/plugins/installed-plugins/stash-config.properties file has moved to shared/stash-config.propertiesThe corresponding methods on ApplicationPropertiesService for these directories will return the new locations so plugins should be able to continue using these seamlessly.
As a result of the home directory re-organization, Stash 3.2 requires Atlassian Plugin SDK 5.0.3 and above. Stash will fail to start if you attempt to run your plugin via the SDK in a previous version.
Previously, Stash would initialize synchronously with the web container and be unable to service requests. In Stash 3.2 the startup was changed to be asynchronous, with Stash displaying progress of its initialization in the web UI.
Currently this can cause issues when trying to run integration tests against a Stash application as the Atlassian Plugin SDK will start running the tests before the application is fully initialized. In an upcoming release of the Atlassian Plugin SDK this will be fixed but as a workaround you can add the following configuration to your pom.xml to force Stash to initialize synchronously.
1 2<configuration> <products> <product> <id>stash</id> <instanceId>stash</instanceId> <version>${stash.version}</version> <dataVersion>${stash.data.version}</dataVersion> <systemPropertyVariables> <!-- Force Stash to start up synchronously --> <johnson.spring.lifecycle.synchronousStartup>true</johnson.spring.lifecycle.synchronousStartup> </systemPropertyVariables> </product> </products> </configuration>
Stash now correctly implements the SAL UserSettingsService. Plugins can now use this service to retrieve and update settings associated with users. Prior to Stash 3.2 the service could be injected but it would not persist any settings.
Stash 3.0 is the first major release of Stash in over a year. All interfaces that were marked deprecated in Stash 2.11 and earlier have been removed completely. As a result, existing Stash 2.x plugins that use any deprecated interfaces are not be automatically compatible with Stash 3.0.
Interfaces, classes, and methods in the Java API that were marked deprecated in Stash versions from 2.0 up to and including 2.11 have been removed.
Plugins that use any of these interfaces (which would have generated deprecation warnings when built against Stash 2.12) generally won't compile with Stash 3.0.
Precompiled plugins that used any of the deprecated interfaces will fail to install or
run in Stash 3.0, typically with java.lang.NoSuchMethodError.
Updating your plugin for Stash 3.0 shouldn't be too difficult, as alternatives to most deprecated APIs have been documented in the Java API Reference for Stash 2.12.
The following classes and interfaces have been moved to new packages or superseded by newer alternatives.
AuthenticationFailedExceptionAuthenticationFailureHandlerModuleDescriptorAuthenticationFailureHandlerAvatarRequestAvatarServiceChangeCallback2ChangesetCallback2CommentAddedEventCommentDeletedEventCommentEditedEventCommentEventCommentRepliedEventCommonHistoryServiceContentTreeCallback2ContentTreeCallback3CurrentRequestResolverDiffContentCallback2FileContentCallback2FormFragmentHistoryServiceProjectDeleteRequestedEventProjectSearchCriteriaRefCallback2RepositoryDeleteRequestedEventA few classes and interfaces have also been removed altogether, with no equivalent alternative.
CaptchaResponseCommentEditedPullRequestNotificationDeprecatedPermissionAdminServiceDeprecatedUserServiceGrantedPermissionIn addition, deprecated methods in existing classes and interfaces across the whole Stash API (too many to list here) have been removed.
Consult the Java API Reference for Stash 2.12 for details on the removed methods, and their alternatives in Stash 3.0.
Stash 3.0 has also removed Web UI Components (JavaScript, Soy, and LESS) that were marked as deprecated in Stash versions 2.0 to 2.11 inclusive.
Plugins should not be depending on any of these deprecated components, as they do not include any Atlassian standard AUI components or published Stash extensions.
Nevertheless, if you want to verify that your plugin is not affected by the removal of
deprecated Web UI APIs, try installing it in the latest 2.x release of Stash. All
the removed interfaces were present in this release and annotated with @deprecated,
so any use should result in deprecation warnings in the Developer Tools of your browser.
Stash 3.0 now has internationalization (i18n) support, and includes three language packs: French, German and Japanese! Internationalizing your plugin for these languages is highly recommended to provide a consistent look and feel for customers in their own native language. The i18n API's for plugins have been available for some time, see Internationalizing your plugin for details.
Stash 3.0 requires Java 1.7 (Oracle or OpenJDK) or higher, for both plugin development and runtime environment. Java 1.6 is no longer supported.
Stash 3.0 requires Scala 2.10 for plugin development. Scala 2.9 and earlier versions are no longer supported.
The Soy functions cav_help_url and cav_help_title for referencing help documentation are deprecated for removal
in 4.0. Use stash_help_url and stash_help_title instead.
The PullRequestLock and RepositoryLock which were previous in the stash-util module have been moved to the stash-api to facilitate the implementation of a LockService. The interfaces were moved verbatim and thus maintain their binary compatibility.
Changeset.getAuthor() and Person.getName() have always been expected to return a non-null value.
Explicit @Nonnull annotations have now been added to those methods to explicitly document that expectation.
Scala 2.9 is deprecated for plugin development and will be removed in Stash 3.0. Scala 2.10 has been available to plugins since Stash 2.11.
The HistoryService has been deprecated and renamed to CommitService. New methods have been added in CommitService
which support commenting on commits. New REST resources have been added, similar to those used for pull requests, for
adding, deleting and updating comments and for watching and unwatching commits.
rest/api/latest/projects/KEY/repos/SLUG/commits/ID). Instead, you must provide a SHA1 to
identify the commit. For example, rest/api/latest/projects/KEY/repos/SLUG/commits/refs/heads/master will no longer
work. Instead, use the SHA1 for the latest commit on refs/heads/master, like
rest/api/latest/projects/KEY/repos/SLUG/commits/5bad17727d52c17fa7f3a20ed433ebd2c1cdfa21.rest/api/latest/projects/KEY/repos/SLUG/changes is now deprecated and will be removed in 3.0. Instead, use
rest/api/latest/projects/KEY/repos/SLUG/commits/ID/changes, where ID is the value previously sent as ?untilrest/api/latest/projects/KEY/repos/SLUG/diff is now deprecated and will be removed in 3.0. Instead, use
rest/api/latest/projects/KEY/repos/SLUG/commits/ID/diff, where ID is the value previously sent as ?untilThe pullRequest context param provided to the stash.comments.actions and stash.comments.info web item locations for
comments has been deprecated to be optional for 3.0. In 3.0, web-items for these locations should not always expect the
pullRequest object as comments can also be made on commits.
The Branch Model feature introduced in Stash 2.8 now offers Java and REST API, allowing plugin developers to:
The following interfaces are the entry point to the API and may be consumed from the branch-utils artifact:
As of Stash 2.11, the branch model for a given repository may be also queried via the REST API.
When starting Stash with AMPS, the default log level of the Stash instance was changed from DEBUG to WARN.
The stash.web.repository.empty location for web-panels has been deprecated and replaced with
client-web-panels at the location stash.empty.repository.instructions. These client-web-panels will now receive
the user preferred clone url (HTTP or SSH) as a context param and re-rendered when the user changes their clone URL preference.
Updating the base URL with ApplicationPropertiesService.setBaseUrl(URI) now requires SYS_ADMIN permission.
The following callbacks have been added, extending existing callbacks:
ChangeCallback2,ChangesetCallback2,ContentTreeCallback3,DiffContentCallback2,FileContentCallback2,RefCallback2,These new interfaces make the callbacks more consistent with each other. They also introduce new onStart and onEnd
methods which accept readily-extensible context and summary objects, respectively. The context provided to onStart
offers insight into the shape of the command for which results are being streamed, with a summary of those results
provided to onEnd. Some of these objects are simple placeholders, in this release, and will be fleshed out in future
releases. Those changes, when they happen, will be backwards-compatible and will not require introducing new interfaces.
The existing interfaces are unchanged, so these new interfaces should not break any existing plugins. They are included in 2.10 to give plugin developers more time to update to the new interfaces. For each callback, an abstract base class is provided. Plugin developers should always extend from one of these base classes when implementing any callback. The base classes will make the callback implementations more resilient to future changes to the callbacks.
AbstractChangeCallback,AbstractChangesetCallback,AbstractContentTreeCallback,AbstractDiffContentCallback,AbstractFileContentCallback,AbstractRefCallback,All of the new interfaces are deprecated, and will be folded back into their respective unversioned interfaces and removed in Stash 3.0. Plugin developers who extend their implementations from one of the base classes should not be affected by that change. Each new interface describes how its unversioned interface will change in the 3.0 release.
FileContentCallback.appendBlame(List) and FileContentCallback.onEndPage(Page)In previous releases, FileContentCallback.appendBlame(List) was called after FileContentCallback.onEndPage(Page).
Stash 2.10 introduces a non-backwards-compatible change where appendBlame is now called before onEndPage. The
onEnd method on each callback is intended to always be the final method invoked, so this ordering change makes the
FileContentCallback consistent with all of the other callbacks, where onEnd is already always called last.
The audit log format has been extended with two new columns: the ID of the request in scope and the ID of the session of the request in scope.
Stash 2.9 allows for users to be renamed in both internal and remote directories. Plugins which are using the username as a key to store data against will break when a user is renamed.
In order to cope with user renames, Stash-specific plugins should use StashUser.getId(), whereas Cross-product plugins should use SAL's UserKey to store data against a user. In order to detect when a rename occurs, plugins should listen for the UserRenamedEvent.
As of 2.5.5, 2.6.6, 2.7.7, 2.8.5 and 2.9.0, Stash uses maven 3.0 to build. This should not affect the development of plugins using the Atlassian SDK nor how Stash is built from source.
Stash 2.8 introduces a new SPI to allow plugin developers to inspect pull request merges before they are applied to
the repository. In the stash-scm-git-api module, there is a new GitPullRequestMergeRequestEvent which they can
listen for.
This event includes the pull request being merged, as well as the SHA1 of the merge commit. It is raised before the pull request's target ref is updated, and can be canceled to prevent the update. When canceling a merge, the plugin must provide a message explaining why. This message will be shown to the user, so it should be clear and descriptive to help the user resolve whatever error is preventing the merge.
For more information, see STASH-3122.
Stash 2.8 introduces an SPI for providing metadata associated with refs. This metadata can be accessed via REST when retrieving a list of branches.
See the reference documentation for more information.
Previously the web fragment stash.changeset.extras would expect <dl> elements for display, with labels.
For consistency with the pull request page, and making things pretty, Stash has introduced a new fragment
stash.changeset.related-entities which is shown in the same location, but prefers the use of an icon over a label.
The old stash.changeset.extras is now considered deprecated and will be removed in 3.0.
The Stash.template.branchSelector.input template now takes in a text param which can be used to override the
default placeholder text for the branch selector dropdown when no ref is selected.
Stash 2.8 now supports moving a repository between different projects. When moved, repositories retain the same
unique ID, even though the Project is changed. Plugins which use project key and repository slug together as
a key to store data against instead of the repository's ID, will break when a repository is moved. Plugins should
instead use the repository's ID.
Stash 2.7 supports a BETA version of backup and restore. In order for your plugin's data to be included within the backup archive you will need to ensure it is stored in one of two locations:
<STASH_HOME> directory with the exception of the a few excludes the most notable of which are the
<STASH_HOME>/tmp and <STASH_HOME>/export directories.Stash 2.7 now respects the active state of users which are synchronized from an external user directory. Inactive users are will no longer be counted towards the license count and will not be returned from any of Stash's services unless explicitly requested. This is consistent with how Stash handles deleted users. More detailed documentation on how inactive users are handled can be found in the documentation for the UserService.
Stash is very strict about performance requirements, and as such uses Page everywhere to help encourage this behavior.
Previously it was possible to see an extremely large PageRequest limit size. In many cases this is reduced to a hard-limit, but in others it was respected and may have resulted in poor performance.
Now setting the limit larger than PageRequest.MAX_PAGE_LIMIT will result in an exception, which may break some plugins.
Instead of using a large limit, it is strongly suggested to page with a reasonable limit and process in batches.
Stash 2.5 introduces the concept of anonymous access to projects and repositories. There are a few implications for plugins that need to be taken into consideration.
The
StashAuthenticationContext.getCurrentUser()
method has always been annotated with @Nullable, but until now it was fairly unlikely for a null to be returned.
With anonymous access previous invocations of plugin that code that assumed a non-null result may now throw an exception.
This also include calls to
StashEvent.getUser()
and JavaScript calls to pageState.getCurrentUser().
Callers of any of any of these methods should always check the result to avoid errors caused by anonymous users.
To confirm if an anonymous user has access to a resource an extra check must be made in addition to verifying standard permissions.
It's worth noting that calls to the standard
ProjectService
and
RepositoryService
already have the appropriate permissions, and manual validation is not required in the majority of cases.
Manual anonymous permission checking is possible through new methods added to the
PermissionService
such as
isPublicAccessEnabled(),
isProjectAccessible()
and
isRepositoryAccessible().
Plugins that only check permissions such as
REPO_READ
will continue to return false for anonymous users.
With the introduction of forks it is now crucial to recognize what repository is being handled when making SCM or history calls and the implications of which branches/tags are visible.
To explain further, consider creating a pull request from a fork to the parent repository. When trying to calculate the changes between a branch on the fork to master on the parent, which branches are available will depend entirely on which repository is being referenced. In short the branch on the fork doesn't actually exist on the parent and must be referenced by changeset instead.
There are some implications to hook developers who plan on enforcing a specific workflow for forks as well as branches. Please see the hook documentation for more details.
Stash 2.4 has introduced Repository Permissions which, among other things, alter the concept of what it means to access a Project and Repository.
One important change is the introduction of a virtual permission
PROJECT_VIEW.
The PROJECT_VIEW permission is transient and is granted when a user is able to view a project,
when they have either a repository permission on a single repository, or a direct permission on the
project itself. An example of the PROJECT_VIEW permission can be seen on the screen listing the projects.
By comparison, the PROJECT_READ permission is a super-set and allows a user to access the entire project and
all the child repositories.
This change has implications to plugin developers who are either granting permissions, or using something like the
SecurityService
to elevate permissions for a particular operation. Previously there was no technical difference between granting
PROJECT_READ and REPOSITORY_READ, but after 2.4 some operations may not function correctly.
Stash 2.4 introduces a public user profile page as well as a private account management page. The following changes have been introduced to the way that plugins can interact with these pages:
There is no restriction on characters that may be present in a username, since the Stash userbase may be sourced from an external directory, such as LDAP. As such, the username property of a User is not guaranteed to be URL safe (consider a forward or backward slash in the username).
Inserting the username of a User into a path component of a URL is highly ill-advised, and the StashUser.slug property should be used instead. For example, /plugins/servlet/my-plugin/{$user.slug}. Relatedly, use UserService.getUserBySlug(String slug) to retrieve a user from Stash.
Prior to Stash 2.4, the profile was only visible to the current user; a user's profile is now visible to any user.
Plugins injecting resources into the stash.page.userProfile context are now only rendered when a user is viewing his or her own profile. This context is deprecated, and stash.page.user.profile.self should be used in preference. If your plugin was using this context to render user preference fields, you should use the Account Management pages instead.
The architecture of the profile page has also changed in Stash 2.4; previously, a plugin would inject a navigation tab and render content using a web panel. Due to the restructuring of these pages, this is no longer possible and you will need to now use a decorated page to inject a new tab. Please follow our how-to on decorating the profile page.
Other notes:
atl.userprofile is available on the account pages only (see below), not the public user profile. This is in contrast to Stash 2.3 and below which made no distinction as there was no account management pages. Use stash.page.user.profile to target these pages; see web resource contexts for other options.stash.web.userprofile.secondary.tabs web item location has been deprecated. Use stash.user.profile.secondary.tabs instead, which provides the profileUser and project (User's project object) in it's context.The account management pages are used to view and modify user account information and user preferences. These are new in Stash 2.4.
Please follow our how-to on decorating the user account page for details on how to inject data here with your plugin.
The 'stash.project.help.basics' and 'stash.project.help.reference' web item plugin points on the Project list page sidebar are deprecated. You should use 'stash.project.list.sidebar.items' instead.
The stash.web.repository.clone.before and stash.web.repository.clone.after web panel locations have been deprecated. Use stash.web.repository.header.buttons for web items and web sections or stash.web.repository.header for web panels.
The new RepositoryRefsChangedEvent gives developers an easy way to receive notification
of changes to a repository. The two existing ref change events, RepositoryPushEvent
and PullRequestMergedEvent,
now implement RepositoryRefsChangedEvent. As a result, developers needing to know about changes
can use a single event listener:
1 2@EventListener public void onRefsChangedEvent(final RepositoryRefsChangedEvent event) { // Take action when refs have changed }
Two new CancelableEvents
allow plugins to veto modifications to project settings and
repository settings.
We have added three experimental plugin modules designed to support custom authentication in Stash, such as Kerberos or custom SSO integration. See the documentation for the Http Authentication Handler, Http Authentication Success Handler and Http Authentication Failure Handler module types.
Previously hook settings were available (also via REST) for users granted the REPO_READ permission. This has been increased
to REPO_ADMIN and the documentation updated. The implications for this are plugin developers that require these
settings on non-admin pages will need to introduce their own REST endpoint and manually elevate permission as required.
Introduced a new ContentTreeCallback2,
which extends the original ContentTreeCallback,
and introduces a new onTreeNode())
method for handling extra parameters on the ContentTreeNode,
such as URLs for the newly introduced Submodule.
Plugin developers are strongly advised to extend AbstractContentTreeCallback
which provides better compatibility for future changes to either of these two interfaces.
The CancelableEvent
interface gives developers a chance to cancel certain operations. Stash currently allows cancellation of
project creation,
project deletion,
repository creation and
repository deletion.
If you are listening to a cancelable event, you can cancel the operation by calling the the cancel() method on the event, passing
a KeyedMessage
that explains the reason for cancellation.
As part of the 1.3 release Stash has made some small breaking API changes in respect to version 1.2.
com.atlassian.stash.content.*Callback have been modified slightly to include extra arguments. For example the onHunkStart method now requires 4 arguments instead of the original 2. These changes will require the extra parameters to be added to any implementations, and the plugins recompiled.com.atlassian.stash.content.PagedCallback has been removed and the onStartPage and onEndPage methods have been lifted into the various implementations. This affects ContentTreeCallback and FileContentCallback. These changes are a binary-incompatible update, and do not require any source-level changes, but do need to be recompiled.com.atlassian.stash.scm.git.remote.GitRemote*Builder.build() now returns GitCommand instead of the super-class Command. This is a binary-incompatible change, and does not require any source-level changes, but does need to be recompiled.com.atlassian.stash.scm.git.GitScmCommandBuilder.config() now returns GitConfig instead of GitConfigBuilder.com.atlassian.stash.scm.git.config.GitConfigBuilder has been split into GitConfigGetBuilder, GitConfigSetBuilder and GitConfigUnsetBuilder.Rate this page: