We've moved the communication about Jira Software Data Center and Jira Service Management Data Center releases and updates to this changelog. With this transition, we aim to provide partners and developers with a customizable feed of improvements and changes to our products.
You can continue using the Atlassian Developer community for discussion and support. Subscribe to the category to stay tuned!
If you're a Jira Data Center app developer, use this page to track upcoming changes, deprecation notices, new features, and feature updates on the Jira Data Center platform.
Midway through this quarter, we’ll be adding new Data Center app scanners to our suite of scanners (Ecoscanner) that scans Data Center apps listed on the Marketplace.
Here is what we’ll be scanning for:
Use of hardcoded secrets in Marketplace Data Center apps
Potential malware in Marketplace Data Center apps
To expand on this, the new DC app scanners will include:
Secret scanner: The new secret scanner will look for any hard-coded secrets in DC apps that could potentially pose a security risk if exposed. We engineered the scanner to detect secrets and manage potential security risks, ensuring that customer data remains protected from unauthorized access.
Malware scanner: Atlassian has implemented a robust malware scanning system for all Data Center applications in the Marketplace. This scan aims to identify and mitigate potential malware threats, thereby enhancing the security and integrity of our DC applications.
If a risk is detected: Atlassian will alert the app developer so they may investigate. If there is a critical risk, we recommend that Marketplace Partners notify customers.
We won’t begin issuing these new tickets to partners at this time; this is a preliminary announcement and an opportunity for partners to prepare. Atlassian plans on issuing tickets after August 15th 2024 via the AMS Jira project.
We are committed to working collaboratively with partners to continue improving the security of our Marketplace and fostering trust with our customers.
Partners with Partner Portal access can view the announcement in the Partner Portal blog.
We’re happy to present another Early Access Program (EAP) build of Jira Software 10.0 and Jira Service Management 10.0. To find out what’s in scope of this EAP release, refer to Preparing for Jira Software 10.0 and Jira Service Management 10.0.
You can download the current EAP from this page. If you’re using maven.atlassian.com, the version is 10.0.0-m0008.
If you’d like to share your feedback, leave a reply in the Atlassian Developer Community thread.
This EAP release is not for production or demonstration use.
The next EAP release of Jira Software 10.0 and Jira Service Management 10.0 won’t bring any further functional or technical changes as Platform 7 integration closed the planned scope. We’ll focus on quality aspects and ensuring further system stability instead.
App usage page issue is fixed resolved
The error when accessing dashboard on Jira Activity Stream Gadget is fixed
Disabled debug mode for velocity method allowlist to check the completeness of the list - https://developer.atlassian.com/server/framework/atlassian-sdk/configuring-the-velocity-allowlist/ (if you think that your method is blocked, then look for the following log: Invocation blocked as method is not allowlisted: <method>
)
DVCS doesn’t work
There are log warns when entering any page (method needs allowlisting: com.atlassian.jira.projects.issuenavigator.DefaultIssueRenderService$FakeAction#getText(java.lang.String))
Missing translations on the Admin panel
After enabling a dark feature for an async webhook and restarting Jira, webhook payloads fail to send Parent Link data
In this release, we’ve removed the following feature flags:
com.atlassian.jira.agile.darkfeature.burnupchart
optimistic.transitions
com.atlassian.jira.advanced.audit.log
velocity.chart.ui
In this EAP release, we’ve removed yet another set of methods and classes that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.
The More details section lists the methods and classes that we’ve already removed.
Here’s what’s already been removed:
Classes | Removed symbols | Instructions |
---|---|---|
|
| Use |
|
| Use You now need to implement |
| All | Use |
| All | Use |
|
| Use |
|
| Use |
|
| Use |
|
| Use standard Java |
In this EAP release, we’ve removed yet another set of REST API endpoints that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.
The More details section lists the REST API endpoints that we’ve removed.
Here’s what’s been removed:
Change | Instructions |
---|---|
Private endpoint | Use |
Private endpoint | No replacement. |
We’re happy to present another Early Access Program (EAP) build of Jira Software 10.0 and Jira Service Management 10.0. To find out what’s in scope of this EAP release, refer to Preparing for Jira Software 10.0 and Jira Service Management 10.0
You can download the current EAP from this page. If you’re using maven.atlassian.com, the version is 10.0.0-m0007.
If you’d like to share your feedback, leave a reply in the Atlassian Developer Community thread.
This EAP release is not for production or demonstration use.
The next EAP release of Jira Software 10.0 and Jira Service Management 10.0 won’t bring any further functional or technical changes as Platform 7 integration closed the planned scope. We’ll focus on quality aspects and ensuring further system stability instead.
There’s an error when accessing dashboard on Jira Activity Stream Gadget
DVCS doesn’t work
There are log warns when entering any page (method needs allowlisting: com.atlassian.jira.projects.issuenavigator.DefaultIssueRenderService$FakeAction#getText(java.lang.String))
Missing translations on the Admin panel
Minimize service disruptions and plan changes to critical systems efficiently by creating freeze and maintenance windows in the change calendar. With all events scheduled in the calendar, change approvers can easily assess requests from change requestors and adjust schedules to avoid conflicts.
To start using the change calendar in your project:
Navigate to Project settings and select Change management.
Enable the change calendar.
It is enabled by default in projects that use the ITSM template.
In the Default calendar view section, select the start and end date fields.
Change requests are plotted on the calendar based on the data in the custom fields you select here.
Select Save.
The change calendar is now available to all agents of this project from the sidebar.
Jira Software 10.0 and Jira Service Management 10.0 will include an upgrade to Atlassian Platform 7. This upgrade puts us in a better position to respond to security changes with reduced disruption and breaking changes for your apps. Prepare for the Platform 7 upgrade
REST API documentation for Jira Core and Jira Software that are in OpenAPI standard and in a refreshed graphical form are already available. This is the first time REST API documentation for Jira Core and Jira Software are no longer split. What’s more, the content has been reviewed and updated. Check out the documentation
This change is still a work in progress.
Most instances of AUI Dialog 1 in Jira Core have been migrated to AUI Dialog 2. AUI Dialog 1 will be removed from Jira completely, so if your app uses that component, make sure to migrate to AUI Dialog 2.
We're making steps towards verifiably secure installation directories for all Data Center products. These changes not only increase the difficulty for an attacker to exploit filesystem access, but also allow customers to verify the state of the product installation.
From Jira 10.0, all Velocity files stored on the filesystem (for example, shared, local home, or any other) will need to be explicitly allowlisted and must be of a specific file type. Files stored inside .jar
files and bundled within plugins will not be affected.
In addition, all method invocations within a Velocity template must be explicitly allowlisted. For more information, visit Configuring the Velocity method allowlist and Configuring the Velocity file and file type allowlist.
We’re improving and updating the Code sharing section of the Jira Data Center front-end API.
This EAP brings the following additions:
the inclusion of Jira-specific API modules, such as requested Jira Events
extensions and updates to common libraries
the introduction to particular versioning of common libraries and alias module type
annotations to modules on the UPM level and better descriptions in the code
Regular modules for the common libraries are versioned up to the minor version (x.y
), for example under the jira-frontend-api:react-18.3
web-resource Jira provides React 18.3.1, as of now. The patch version (aka bugfix) can be changed at any time, for example the same web-resource can provide React 18.3.2 in the future.
The alias modules are versioned up to the major version (x
), for example under the jira-frontend-api:react-18
web-resource Jira provides React 18.3.1, as of now. The minor version can be changed at any time, for example the same web-resource can provide React 18.4.0 in the future.
This EAP brings the following changes to the existing modules:
Dependency | Change | Rationale |
---|---|---|
| Deprecated. Use | Jira provides and supports the single jQuery version only. It can also be modified by Atlassian to include certain fixes. This is why the version has been dropped from the web-resource key. It’ll also make the migration to newer versions easier. |
| Deprecated. Use | The recommended underscorejs version is the newest available one as of now (1.13.6). |
The full list of available modules:
Dependency | AMD module | Description |
---|---|---|
Jira-specific | ||
| n/a | Provides AMD support by exposing |
|
| The module allows to #get the current Jira version, as well as #compare and #isGreaterThanOrEqualTo the current Jira version with a provided one. |
|
| Provides Jira-namespaced event bus. Provides a dictionary of reasons for events being triggered in Jira, such as Provides a dictionary of event types, such as |
Common libraries | ||
|
| Provides jQuery used across Jira. |
|
| Provides Underscore 1.13.x. |
|
| Provides Backbone.js 1.6.x. |
|
| Provides React 18.3.x. |
|
| Alias module. Provides React 18.x. |
|
| Provides React-DOM 18.3.x. |
|
| Alias module. Provides React-DOM 18.x. |
Common libraries (deprecated) | ||
|
| Deprecated. Use |
|
| Deprecated. Use |
|
| Deprecated. Use Provides React 16.8.x. |
| Deprecated. Use Alias module. Provides React 16.x. | |
|
| Deprecated. Use Provides React-DOM 16.8.x. |
| Deprecated. Use Alias module. Provides React-DOM 16.x. |
In the EAP04, we introduced security annotations for Webwork actions, servlets, and REST endpoints. This EAP extends the mechanism to filters.
Each filter must be annotated following the same rules as the other endpoint types. If a filter isn't annotated, it's treated as @LicensedOnly
by default. If a user executes a request with permissions that are lower than required, the filter will be skipped.
Filters located after-encoding
and before-login
are executed before a user is authenticated (so we don’t know who the user is). Such filters can only be marked as @UnrestrictedAccess
or AnonymousSiteAccess
. Any stronger annotation will result in the filter never being run. Learn more about new default endpoint security annotations
We blocked direct requests to JSP files. JSP files can now be only loaded when requested by an action.
ANNOUNCEMENT Preparing for Jira Software 10.0 and Jira Service Management 6.0 (EAP xxx)
We’re happy to present another Early Access Program (EAP) build of Jira Software 10.0 and Jira Service Management 6.0. To find out what’s in scope of this EAP release, refer to Preparing for Jira Software 10.0 and Jira Service Management 6.0
You can download the current EAP from this page. If you’re using maven.atlassian.com, the versions are 10.0.0-m0005 and 6.0.0-m0005.
If you’d like to share your feedback, leave a reply in the Atlassian Developer Community thread.
This EAP release is not for production or demonstration use.
Removing more deprecated dependencies and code
Platform 7 (including removal of RESTv1)
Platform 6.5 is currently in use.
The Java language level is set to 16 using <jdkLevel>
in the pom.xml
file.
There may be a failure in the upgrade task related to Jira Service Management.
Errors associated with JIM have been detected.
The JCMA and Dev Status plugins are not starting as expected.
The build will not start on the default Java 17 provided by AWS on EC2.
Rate this page: