Last updated Dec 5, 2024

Preparing for Jira Software 10.0 and Jira Service Management 10.0

This documentation is intended for Jira developers who want to ensure that their existing apps are compatible with Jira Software 10.0 and Jira Service Management 10.0.

Your feedback helps makes our products better and we'd be thrilled to hear from you on Atlassian Developer Community.

Version history

ApplicationVersion numberMaven version numberRelease date
Jira 10.0
Jira Software1000000210.0.0August 22, 2024
Jira Service Management1000000210.0.0
Release Candidate (RC)
Jira Software10.0.0-RC10.0.0-m0011August 19, 2024
Jira Service Management10.0.0-RC10.0.0-m0011
EAP 08
Jira Software10.0.0-EAP0810.0.0-m0010August 8, 2024
Jira Service Management10.0.0-EAP0810.0.0-m0010
EAP 07
Jira Software10.0.0-EAP0710.0.0-m0009August 5, 2024
Jira Service Management10.0.0-EAP0710.0.0-m0009
EAP 06
Jira Software10.0.0-EAP0610.0.0-m0008July 11, 2024
Jira Service Management10.0.0-EAP0610.0.0-m0008
EAP 05
Jira Software10.0.0-EAP0510.0.0-m0007July 4, 2024
Jira Service Management10.0.0-EAP0510.0.0-m0007
EAP 04
Jira Software10.0.0-EAP0410.0.0-m0005May 28, 2024
Jira Service Management6.0.0-EAP046.0.0-m0005
EAP 03
Jira Software10.0.0-EAP0310.0.0-m0004May 6, 2024
Jira Service Management6.0.0-EAP036.0.0-m0004
EAP 02
Jira Software10.0.0-EAP0210.0.0-m0003March 27, 2024
Jira Service ManagementN/AN/AN/A

Downloads

All development releases are available for download on the Jira Early Access Program downloads page.

EAP releases are not for production or demonstration use.

Known issues

Make sure to delete secrets-config.yaml before upgrading your current Jira version to EAP07 or EAP08 because of a file format change. When you upgrade, the file will be recreated automatically with the new format.

Coming up next

This is the last EAP release of Jira Software 10.0 and Jira Service Management 10.0. Next, you can expect the release candidate (RC) which is close to being ready for the final release but may still undergo changes before the final version is out.

Changes introduced in EAP 08 (8 August 2024)

  • atlassian-renderer has been upgraded to 9.0.3

Changes introduced in EAP 07 (5 August 2024)

REST API documentation upgrade

added Jira Software Jira Service Management

We’ve modernized the look and feel of our Jira Software Data Center REST API and Jira Service Management Data Center REST API documentation by migrating it to Swagger. In addition to the refreshed look and feel we’re getting from the Swagger API documentation framework, this migration will make our API docs easier for you to navigate, find examples, and copy snippets from.

Last minute Java API breaking changes

added Jira Software

In this EAP release, we’re introducing some Java API breaking changes.

ChangeInstructions
We’re removing Jackson as a parameter type and replacing it with String.

com.atlassian.jira.issue.IssueInputParameters#addProperty(String propertyKey, JsonNode propertyValue) changed to addProperty(String propertyKey, String propertyValue)
The same change from JsonNode to String happened also in:
  • com.atlassian.jira.issue.IssueInputParameters#properties() will return Map<String, String> instead of Map<String, JsonNode>
  • com.atlassian.jira.issue.UpdateIssueRequest#getProperties() will return Map<String, String> instead of Map<String, JsonNode>
  • com.atlassian.jira.issue.UpdateIssueRequest.UpdateIssueRequestBuilder#issueProperties will now accept Map<String, String>
  • com.atlassian.jira.issue.util.IssueUpdateBean#getProperties will return Map<String, String>
  • com.atlassian.jira.issue.util.IssueUpdateBean#addProperties will now accept Map<String, String>
  • com.atlassian.jira.bc.issue.IssueService.CreateValidationResult#CreateValidationResult and getProperties will work with Map<String, String>
  • com.atlassian.jira.bc.issue.IssueService.UpdateValidationResult#UpdateValidationResult and getProperties will work with Map<String, String>
Serialize the value before passing it to the method and deserialize after reading it.
com.atlassian.configurable.ObjectConfigurationFactory#loadObjectConfigurationFromElement accepts com.atlassian.plugin.module.Element instead of org.dom4j.ElementUse the new type in method calls.
com.atlassian.jira.issue.fields.rest.IssueFinderV2#findIssue(String) returns io.atlassian.fugue.Either instead of com.atlassian.fugue.EitherReplaced class is equivalent.

Removal of REST API endpoints

removed jira service management

We’ve removed some REST API endpoints in the EAP 03 release of Jira Service Management 10. With this EAP release, we're removing also the following REST API endpoints.

ChangeInstructions
Removed GET /servicedeskapi/queues/{projectKey}Use GET /servicedeskapi/admin/queues/{projectKey} instead.
Removed PUT /servicedeskapi/queues/include-countUse PUT /servicedeskapi/admin/queues/include-count instead.
Removed PUT /servicedeskapi/queues/{projectKey}/include-countUse PUT /servicedeskapi/admin/queues/{projectKey}/include-count instead.
Removed PUT /servicedeskapi/queues/cache-countUse PUT /servicedeskapi/admin/queues/cache-count instead.
Removed PUT /servicedeskapi/queues/{projectKey}/cache-countUse PUT /servicedeskapi/admin/queues/{projectKey}/cache-count instead.

Changes introduced in EAP 06 (11 July 2024)

For more details about what's in scope of this EAP release, check out the following updates:

Changes introduced in EAP 05 (4 July 2024)

For more details about what's in scope of this EAP release, check out the following updates:

Upgrade to Platform 7

added Jira Software Jira Service Management

Jira Software 10.0 and Jira Service Management 10.0 will include an upgrade to Atlassian Platform 7. This upgrade puts us in a better position to respond to security changes with reduced disruption and breaking changes for your apps. Prepare for the Platform 7 upgrade

Avoid surprises with the change calendar

added Jira Software Jira Service Management

Minimize service disruptions and plan changes to critical systems efficiently by creating freeze and maintenance windows in the change calendar. With all events scheduled in the calendar, change approvers can easily assess requests from change requestors and adjust schedules to avoid conflicts.

To start using the change calendar in your project:

  1. Navigate to Project settings and select Change management.
  2. Enable the change calendar. It is enabled by default in projects that use the ITSM template.
  3. In the Default calendar view section, select the start and end date fields. Change requests are plotted on the calendar based on the data in the custom fields you select here.
  4. Select Save.

The change calendar is now available to all agents of this project from the sidebar.

OpenAPI Standard for REST API documentation

added Jira Software

REST API documentation for Jira Core and Jira Software that are in OpenAPI standard and in a refreshed graphical form are already available. This is the first time REST API documentation for Jira Core and Jira Software are no longer split. What’s more, the content has been reviewed and updated. Check out the documentation

Jira Core dialogs migrated to AUI Dialog 2

added Jira Software Jira Service Management

This change is still a work in progress

Most instances of AUI Dialog 1 in Jira Core have been migrated to AUI Dialog 2. AUI Dialog 1 will be removed from Jira completely, so if your app uses that component, make sure to migrate to AUI Dialog 2.

Velocity template and allowlist security improvements

added Jira Software Jira Service Management

We're making steps towards verifiably secure installation directories for all Data Center products. These changes not only increase the difficulty for an attacker to exploit filesystem access, but also allow customers to verify the state of the product installation.

From Jira 10.0, all Velocity files stored on the filesystem (for example, shared, local home, or any other) will need to be explicitly allowlisted and must be of a specific file type. Files stored inside .jar files and bundled within plugins will not be affected.

In addition, all method invocations within a Velocity template must be explicitly allowlisted. For more information, visit Configuring the Velocity method allowlist and Configuring the Velocity file and file type allowlist.

New default endpoint security annotations for filters

added Jira Software Jira Service Management

In the EAP04, we introduced security annotations for Webwork actions, servlets, and REST endpoints. This EAP extends the mechanism to filters.

Each filter must be annotated following the same rules as the other endpoint types. If a filter isn't annotated, it's treated as @LicensedOnly by default. If a user executes a request with permissions that are lower than required, the filter will be skipped.

Filters located after-encoding and before-login are executed before a user is authenticated (so we don’t know who the user is). Such filters can only be marked as @UnrestrictedAccess or AnonymousSiteAccess. Any stronger annotation will result in the filter never being run.

Learn more about new default endpoint security annotations

Custom JSPs are blocked unless loaded by an action

added Jira Software Jira Service Management

We blocked direct requests to JSP files. JSP files can now be only loaded when requested by an action.

Frontend API changes

added Jira Software

We’re improving and updating the Code sharing section of the Jira Data Center front-end API.

This EAP brings the following additions:

  • the inclusion of Jira-specific API modules, such as requested Jira Events
  • extensions and updates to common libraries
  • the introduction to particular versioning of common libraries and alias module type
  • annotations to modules on the UPM level and better descriptions in the code

Regular modules for the common libraries are versioned up to the minor version (x.y), for example under the jira-frontend-api:react-18.3 web-resource Jira provides React 18.3.1, as of now. The patch version (aka bugfix) can be changed at any time, for example the same web-resource can provide React 18.3.2 in the future.

The alias modules are versioned up to the major version (x), for example under the jira-frontend-api:react-18 web-resource Jira provides React 18.3.1, as of now. The minor version can be changed at any time, for example the same web-resource can provide React 18.4.0 in the future.

This EAP brings the following changes to the existing modules:

DependencyChangeRationale
jira-frontend-api:jquery-2.2.4Deprecated. Use jira-frontend-api:jquery (jira/api/jquery AMD) instead.Jira provides and supports the single jQuery version only. It can also be modified by Atlassian to include certain fixes. This is why the version has been dropped from the web-resource key. It’ll also make the migration to newer versions easier.
jira-frontend-api:underscore-1.8Deprecated. Use jira-frontend-api:underscore-1.13 (jira/api/underscore-1.13 AMD) instead.The recommended underscorejs version is the newest available one as of now (1.13.6).

The full list of available modules:

DependencyAMD moduleRationale
Jira-specific
jira-frontend-api:almondn/aProvides AMD support by exposing define and require global functions. You don’t typically need to depend on Almond as it’s provided by default. However, it may be required if you build the custom page.
jira-frontend-api:versionjira/api/versionThe module allows to #get the current Jira version, as well as #compare and #isGreaterThanOrEqualTo the current Jira version with a provided one.
jira-frontend-api:jira-events1. jira/api/events
2. jira/api/events/reasons
3. jira/api/events/types
1. Provides Jira-namespaced event bus.
2. Provides a dictionary of reasons for events being triggered in Jira, such as panelRefreshed.
3. Provides a dictionary of event types, such as NEW_CONTENT_ADDED.
Common libraries
jira-frontend-api:jqueryjira/api/jqueryProvides jQuery used across Jira.
Current version: 2.2.4 with patches
jira-frontend-api:underscore-1.13jira/api/underscore-1.13Provides Underscore 1.13.x.
Current version: 1.13.6.
jira-frontend-api:backbone-1.6jira/api/backbone-1.6Provides Backbone.js 1.6.x.
Current version: 1.6.0.
jira-frontend-api:react-18.3jira/api/react-18.3Alias module. Provides React 18.3.x.
Current version: 18.3.1.
jira-frontend-api:react-dom-18.3jira/api/react-dom-18.3Provides React-DOM 18.3.x.
Current version: 18.3.1.
jira-frontend-api:react-dom-18jira/api/react-dom-18Alias module. Provides React-DOM 18.3.x.
Current version: 18.3.1.
Common libraries (deprecated)
jira-frontend-api:jquery-2.2.4jira/api/jquery-2.2.4Deprecated. Use jira-frontend-api:jquery (jira/api/jquery AMD) instead
jira-frontend-api:underscore-1.8jira/api/underscore-1.8Deprecated. Use jira-frontend-api:underscore-1.13 (jira/api/underscore-1.13 AMD) instead.
jira-frontend-api:react-16jira/api/react-16.8Deprecated. Use jira-frontend-api:react-18.3 (jira/api/react-18.3 AMD) instead.
Provides React 16.8.x.
Current version: 16.8.6.
jira/api/react-16Deprecated. Use jira-frontend-api:react-18 (jira/api/react-18 AMD) instead.
Alias module. Provides React 16.x.
Current version: 16.8.6.
jira-frontend-api:react-dom-16jira/api/react-dom-16.8Deprecated. Use jira-frontend-api:react-dom-18.3 (jira/api/react-dom-18.3 AMD) instead.
Provides React-DOM 16.8.x.

Current version: 16.8.6.
jira/api/react-dom-16Deprecated. Use jira-frontend-api:react-dom-18 (jira/api/react-dom-18 AMD) instead.
Alias module. Provides React-DOM 16.x.

Current version: 16.8.6.

Removal of previously deprecated feature flags in EAP 05

removed jira software jira service management

In this EAP release, we’ve removed the following feature flags:

  • com.atlassian.jira.agile.darkfeature.burnupchart
  • optimistic.transitions
  • com.atlassian.jira.advanced.audit.log
  • velocity.chart.ui

Removal of previously deprecated methods and classes in EAP 05

removed jira software jira service management

In this EAP release, we’ve removed yet another set of methods and classes that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.

Here’s what’s been removed:

ClassesRemoved symbolsInstructions
com.atlassian.jira.issue.customfields.CustomFieldType#getNonnullCustomFieldProvider()Use getNonNullCustomFieldProvider() instead.
com.atlassian.jira.issue.customfields.vdi.NonNullCustomFieldProvider
com.atlassian.jira.issue.customfields.DefaultNonNullCustomFieldProvider
#getCustomFieldInfo(com.atlassian.jira.issue.Issue)Use getCustomFieldInfo(java.util.List issues) instead.
You now need to implement #getCustomFieldInfo(java.util.List<com.atlassian.jira.issue.Issue> issues) in every class you were previously implementing #getCustomFieldInfo(com.atlassian.jira.issue.Issue issue).
com.atlassian.jira.issue.customfields.CustomFieldPrefetchedDataAllUse com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData instead.
com.atlassian.jira.issue.customfields.NonnullCustomFieldProvider
com.atlassian.jira.issue.customfields.persistence.DefaultNonnullCustomFieldProvider
AllUse com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData instead.
com.atlassian.jira.issue.index.indexers.FieldIndexer
com.atlassian.jira.issue.index.indexers.impl.AbstractCustomFieldIndexer

com.atlassian.jira.issue.customfields.impl.TextCFType
#addIndex(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.CustomFieldPrefetchedData)Use #addIndex(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData) instead.
com.atlassian.jira.issue.index.indexers.impl.AbstractCustomFieldIndexer##addDocumentFieldsNotSearchable(org.apache.lucene.document.Document doc, com.atlassian.jira.issue.Issue issue, com.atlassian.jira.issue.customfields.CustomFieldPrefetchedData prefetchedData)Use #addDocumentFieldsNotSearchable(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData) instead.
com.atlassian.jira.util.collect.CollectionUtil#filter(Collection<T>, Predicate<? super T>)>Use standard Stream#filter(Predicate<?>) and appropiate Stream#collect(...) call.

Removal of previously deprecated REST API endpoints in EAP 05

removed jira software jira service management

In this EAP release, we’ve removed yet another set of REST API endpoints that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.

Here’s what’s been removed:

ChangeInstructions
Private endpoint POST /api/1.0/user/{username}/avatar/{avatarid} provided by com.atlassian.jira.rest.v1.users.UserResourceUse PUT /rest/api/2/user/avatar provided by com.atlassian.jira.rest.v2.issue.UserResource#updateUserAvatar instead.
Private endpoint GET globalconfig/1/issuecustomfields/{issue} provided by com.atlassian.jira.projectconfig.rest.global.IssueCustomFieldsResource#getAffectedProjectsNo replacement.

Blocked direct JSP access

blocked jira software jira service management

In Jira 9.x, each JSP file could be accessed directly. For example, you could access includes/reports/project/mac.jsp and get a response.

Starting from Jira 10.0, only a handful of JSP files can be accessed directly, such as login.jsp and logout.jsp. The rest of them can only be requested as views of actions. You are no longer able to directly access secure/views/myaction.jsp in your browser. However, you can set up an action to use it:

1
2
<webwork1 key="myKey" name="actions.MyAction" class="java.lang.Object">
    <actions>
        <action name="com.acme.actions.MyAction" alias="MyAction">
            <view name="success">/secure/views/myaction.jsp</view>
        </action>
    </actions>
</webwork1>

If you request a non-allowed JSP, you’ll get an HTTP 404 response.

If you would like to see if a direct JSP access is being blocked, enable DEBUG logs for com.atlassian.jira.web.filters.annotations.JspChecker.

Changes introduced in EAP 04 (28 May 2024)

For more details about what's in scope of this EAP release, check out the following updates:

Java 17 becomes the default

added jira software jira service management

Jira Software 10.0 and Jira Service Management 10.0 have been recompiled in Java 17, which becomes the default language level. This means that from now on, earlier versions of Java will no longer be supported.

Jira Software dialogs migrated to AUI Dialog 2

This change is still a work in progress

The following dialogs in Jira Software are now using the AUI Dialog 2 component:

  • Release version
  • Create status
  • Select kanban transition
  • Reopen sprint
  • Remove status
  • Complete sprint
  • Complete parent
  • Update filter query
  • Convert workflow
  • Version quick create
  • Add column
  • Delete board

AUI Dialog 1 will be removed from Jira completely, so if your app uses that component, make sure to migrate to AUI Dialog 2.

New default endpoint security annotations

added Jira Software Jira Service Management

This change is still a work in progress.

This EAP brings annotation handling for Webwork actions, servlets, and REST endpoints. The final release of Jira Software 10.0 and Jira Serivce Management 6.0 will support this mechanism also to filters.

We’re introducing a new set of annotations to improve endpoint security by giving you better control over access to endpoints. These annotations have been revised to ensure that only the intended users access your application endpoints.

Starting from Jira Software 10.0 and Jira Service Management 10.0, when no annotation is specified, only licensed users will be able to access resources. To change this, annotate all endpoints that require lower security clearance level. You can also annotate all admin and system admin endpoints to provide tighter security measures.

To prepare your application for this change, refer to Prepare your Data Center app to comply with secure endpoint defaults. Here’s a general summary of the process:

  1. Mark your endpoints with appropriate security annotations:
    If you don’t use any annotations, all endpoints are treated as marked with @LicensedOnly by default.
    • SystemAdminOnly restricts access to an endpoint to system admins only.
    • AdminOnly restricts access to admins and system admins. Note that this excludes project admins. In fact, there’s no separate annotation for project admins.
    • LicensedOnly enables access for licensed Jira users.
    • UnlicensedSiteAccess is for Jira Service Management portal customers, who aren’t licensed Jira users.
    • AnonymousSiteAccess is for endpoints that should allow anonymous access only if anonymous access has been turned on with the Allow sharing filters/dashboards with anyone on the web option.
    • UnrestrictedAccess is for endpoints that should always allow access by unauthenticated users, even if anonymous access is turned off.
  2. Run all your tests and act accordingly:
    • If all tests pass, you’re done (provided you have proper coverage).
    • If a test fails, re-run it with TRACE logging enabled for the following classes:
      1
      2
      <!-- TRACE logging for Stronger Defaults -->
      <!-- Jira servlets -->
      <Logger name="com.atlassian.jira.web.filters.annotations.SecurityAnnotationsFilter" level="TRACE" additivity="false">
          <AppenderRef ref="filelog"/>
      </Logger>
      
      <!-- Webwork actions -->
      <Logger name="com.atlassian.jira.web.dispatcher.JiraWebworkActionDispatcher" level="TRACE" additivity="false">
          <AppenderRef ref="filelog"/>
      </Logger>
      
      <!-- REST -->
      <Logger name="com.atlassian.plugins.rest.v2.security.authentication.AuthenticatedResourceFilter" level="TRACE" additivity="false">
          <AppenderRef ref="filelog"/>
      </Logger>
      
      <!-- Plugin servlets -->
      <Logger name="com.atlassian.jira.plugin.servlet.ServletModuleContainerServlet" level="TRACE" additivity="false">
          <AppenderRef ref="filelog"/>
      </Logger>
      
  3. Check the logs to find the endpoints that blocked access and:
    • If the test was incorrectly setup (for example, missing authentication), update it.
    • If the annotation was too strict, use a weaker one.
    • If the endpoint comes from Jira and you believe it is misconfigured (too strict), contact us describing your use case so that we can review it and potentially adjust the annotation level.

Removal of binary installers

removed jira software jira service management

Starting from Jira Software 10.0 and Jira Service Management 10.0, the .bin and .exe installers will no longer be available. You can still install Jira using the .zip and .tar.gz distributions.

Removal of previously deprecated feature flags

removed jira software jira service management

In this release, we’ve removed the following feature flags:

  • jira.quick.search
  • com.atlassian.jira.custom.csv.escaper
  • atlassian.cdn.static.assets

Removal of previously deprecated methods and classes (EAP 04)

removed jira software jira service management

In this EAP release, we’ve removed yet another set of methods and classes that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.

Here’s what’s been removed:

ClassesRemoved symbolsInstructions
com.atlassian.jira.security.GlobalPermissionEntry#getGlobalPermissionType()Use #getPermissionKey() instead.
com.atlassian.jira.security.JiraAuthenticationContext#getI18nBean()Use #getI18nHelper() instead.
#getText(java.lang.String)Use getText() method on #getI18nHelper().
com.atlassian.jira.sharing.ShareManager#hasPermission(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.sharing.SharedEntity)Use #isSharedWith(com.atlassian.crowd.embedded.api.User, SharedEntity) to get the same logic. Permission checks should be done in the service layer according to this information
com.atlassian.jira.user.preferences.JiraUserPreferenceswhole class moved to jira-coreYou should not construct user preferences directly. Request them through the UserPreferencesManager instead.
com.atlassian.jira.util.collect.MapBuilder#toFastMap()Use ImmutableMap directly instead.
#toImmutableMap()Use #toMap() instead, or consider using ImmutableMap if the map does not need to accept nulls
com.atlassian.jira.util.index.Contexts#nullContext()Use com.atlassian.jira.task.context.Contexts#nullContext() instead.
com.atlassian.jira.util.JiraDurationUtils#onClearCache(com.atlassian.jira.event.ClearCacheEvent)Use the DurationFormatChanged event instead.
#start()No replacement
com.atlassian.jira.web.action.issue.IssueCreationHelperBean#getProvidedFieldNames(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue)This class shouldn't be used at all and will be removed in whole, before it happens use com.atlassian.jira.web.action.issue.IssueCreationHelperBean#getProvidedFieldNames(com.atlassian.jira.issue.Issue) instead.
com.atlassian.jira.web.bean.MultiBulkMoveBean#setTargetProject(org.ofbiz.core.entity.GenericValue)Use com.atlassian.jira.web.bean.MultiBulkMoveBean#setTargetProject(com.atlassian.jira.project.Project) instead.
com.atlassian.jira.web.util.HelpUtil.HelpPath#getSimpleUrl()Use com.atlassian.jira.web.util.HelpUtil.HelpPath#getUrl() instead.
com.atlassian.jira.web.util.OutlookDate#format()Use com.atlassian.jira.datetime.DateTimeFormatter#format(java.util.Date) instead.
#getCompleteDateFormat()Use com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.
#getDatePickerFormat()Use com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.
#getDateTimePickerFormat()Use com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.
#getDateTimePickerFormatSample(java.util.Date)Use com.atlassian.jira.datetime.DateTimeFormatter#format(java.util.Date) instead.
#getNow()Use java.util.Date#Date() instead.
com.atlassian.jira.permission.SchemePermissionsAllUse com.atlassian.jira.security.PermissionManager instead.
com.atlassian.jira.permission.SchemePermissionsAllUse com.atlassian.jira.security.PermissionManager instead.
com.atlassian.jira.permission.PermissionAllUse com.atlassian.jira.security.PermissionManager or com.atlassian.jira.security.GlobalPermissionManager instead.
com.atlassian.jira.issue.attachment.AttachmentZipKitAllUse com.atlassian.jira.issue.AttachmentIndexManager instead.
com.atlassian.jira.util.NotNull (annotation)AllUse javax.annotation.Nonnull instead.
com.atlassian.jira.security.PermissionManager including its subclasses:

- com.atlassian.jira.security.PublicAccessPermissionManager
- com.atlassian.jira.security.ApplicationRequiredPermissionManager
- com.atlassian.jira.security.DefaultPermissionManager
- com.atlassian.jira.security.SubvertedPermissionManager
- getProjects(int, com.atlassian.jira.user.ApplicationUser)
- getProjects(int permissionId, ApplicationUser user, ProjectCategory projectCategory)
Use supported getProjects method, for example:

- com.atlassian.jira.security.PermissionManager#getProjects(com.atlassian.jira.security.plugin.ProjectPermissionKey, com.atlassian.jira.user.ApplicationUser)
- com.atlassian.jira.security.PermissionManager#getProjects(com.atlassian.jira.security.plugin.ProjectPermissionKey, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.ProjectCategory)
com.atlassian.jira.help.HelpUrlsParser- #defaultUrl(String, String)
- #onDemand(boolean)
Use com.atlassian.jira.help.HelpUrlsParserBuilderFactory to construct new HelpUrlsParse instance.
com.atlassian.jira.imports.project.mapper.ProjectImportIdMapper#getValuesFromImport()Use getRegisteredOldIds() (and getKey() if needed) instead.
com.atlassian.jira.imports.project.mapper.ProjectRoleActorMapper#getAllProjectRoleActors()Use the properly typed method #getProjectRoleActors() instead.
com.atlassian.jira.issue.comments.CommentManager#getProjectRole(java.lang.Long)Use com.atlassian.jira.security.roles.ProjectRoleManager#getProjectRole(Long) instead.
com.atlassian.jira.issue.fields.layout.field.FieldLayoutStorageException*No replacement
com.atlassian.jira.issue.fields.rest.json.CommentBeanFactory#createRenderedBean(com.atlassian.jira.issue.comments.Comment)Use #createRenderedBean(com.atlassian.jira.issue.comments.Comment, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.util.EmailFormatter) instead.
com.atlassian.jira.issue.index.ReindexAllCompletedEvent
  • #shouldUpdateReplicatedIndex()
  • #ReindexAllCompletedEvent(long)
  • #ReindexAllCompletedEvent(long, boolean, boolean)

Use #shouldNotifyCluster() instead.

Do not construct internal ReindexAllCompletedEvent class.

com.atlassian.jira.issue.index.ReindexAllStartedEvent
  • #shouldUpdateReplicatedIndex()
  • #ReindexAllStartedEvent()
  • #ReindexAllStartedEvent(boolean, boolean)
  • #ReindexAllStartedEvent(boolean, boolean, com.atlassian.jira.issue.index.IssueIndexingParams, com.atlassian.jira.config.ReindexMessage)

Use #shouldNotifyCluster() instead.

Don't construct internal ReindexAllStartedEvent class.

Removal of previously deprecated REST API endpoints (EAP 04)

removed jira software jira service management

In this EAP release, we’ve removed yet another set of REST API endpoints that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.

Here’s what’s been removed:

ChangeInstructions
POST globalconfig/1/customfieldoptions/{customFieldId}/ provided by com.atlassian.jira.projectconfig.rest.global.CustomFieldOptionsResource#setOptionsInstead, use POST globalconfig/1/customfieldoptions/{customFieldId}/setOptions provided by com.atlassian.jira.projectconfig.rest.global.CustomFieldOptionsResource#setOptionsForCustomField.
/greenhopper/1.0/api/sprints/{sprintId}/remotelink provided by com.atlassian.greenhopper.web.api.RemoteSprintLinkResource#createOrUpdateRemoteSprintLinkInstead, use greenhopper/1.0/api/sprints/{sprintId}/remotelinkchecked provided by com.atlassian.greenhopper.web.api.RemoteSprintLinkResource#createRemoteSprintLinkChecked.

Changes introduced in EAP 03 (6 May 2024)

For more details about what’s in scope of this EAP release, check out the following updates:

Allowlist your Velocity files on the filesystem

added Jira Software Jira Service Management

We’re making steps towards verifiably secure installation directories for all Data Center products. This change not only increases the difficulty for an attacker to exploit filesystem access, but also allows customers to verify the state of the product installation.

Starting from Bamboo 10.0, Bitbucket 9.0, Confluence 9.0, Crowd 6.0, Jira Software 10.0, and Jira Service Management 10.0, all Velocity files stored on the filesystem (that is, shared, local home, or other) will need to be explicitly allowlisted. Files stored inside of .jar archives and bundled within plugins won’t be affected.

In Confluence, Jira Software, and Jira Service Management, you can update the Velocity engine configuration to add files to the allowlist. This must be repeated for each new engine instance.

The following property is cached when the Velocity engine starts, enhancing performance and making it more difficult for attackers to disable.

1
2
velocity.addProperty(Velocity.RESOURCE_FILE_ALLOWLIST, "relative/file/path.vm")

However, we recommend migrating them to the database in every product.

Allowlist your Velocity template class and method invocations

added Jira Software Jira Service Management

Similarly to Confluence 9.0, we’re planning to migrate the method invocations in Velocity templates to an allowlist approach. All method invocations within a Velocity template will be explicitly allowed using a newly introduced annotation or app module descriptor.

The following classes and methods are allowed:

  • introspector.allowlist.classes = java.io.Serializable
  • java.io.ObjectInputValidation
  • java.lang.reflect.Proxy
  • net.sf.hibernate.proxy.HibernateProxy
  • org.springframework.cglib.proxy.Facto
  • introspector.allowlist.methods = getEditVM
  • removeHtmlTags
  • htmlEncode
  • escapeHtml
  • getLabelSearchPath
  • encodeHtml
  • encodeForHtml

Turn off the lights with dark theme

added Jira Software Jira Service Management

This change is still a work in progress.

In Jira Software 10.0 and Jira Service Management 10.0 EAP 03, dark theme becomes partially available for the first time so that you can start preparing your Data Center app to support it and allow us to gather more feedback.

For more information about adjusting your app to dark theme, visit Prepare your Data Center app for the dark theme.

Known issues

The following components don’t support dark theme yet:

  • Dashboards
  • Plans
  • Help us improve Jira dialog
  • Automation for Jira
  • Parts of the administration area
  • Some reports

The following areas have known visual issues:

  • Profile summary page
  • Some parts of the administration area:
    • Troubleshooting and support page
    • Administering personal access tokens page
    • Terminology page
    • Content delivery network page
    • Rate limiting page
  • Backlog view
  • Create project dialog

Upgrade to Groovy 4

added Jira Service Management

To improve security, functionality, and syntax support, we’re planning to upgrade from Groovy 2 to Groovy 4 in Jira Service Management 10.0. If you’ve been using Groovy scripts in Assets, test your existing scripts against this EAP release of Jira Service Management 10.0 or the Groovy 4 console.

Here’s a rundown of the most important breaking changes:

If you run into the following issue with JsonSlurper, replace JsonSlurper with Jackson ObjectMapper.

1
2
java.lang.RuntimeException: Unable to load FastStringService
  at org.apache.groovy.json.internal.FastStringUtils.getService(FastStringUtils.java:56) ~[?:?]
  at org.apache.groovy.json.internal.FastStringUtils.toCharArray(FastStringUtils.java:66) ~[?:?]
  at org.apache.groovy.json.internal.BaseJsonParser.parse(BaseJsonParser.java:114) ~[?:?]
  at groovy.json.JsonSlurper.parseText(JsonSlurper.java:205) ~[?:?]

The following table lists the changes to the names of classes, packages, and modules.

For the full list of breaking changes, check out:

Class/package/module nameGroovy 2Groovy 4
groovy-xmlgroovy.utilgroovy.xml
groovygroovy.xml.QNamegroovy.namespace
groovy-antgroovy.utilgroovy.ant
groovy-consolegroovy.inspectgroovy.console
groovy.inspect.swingui
groovy.ui
groovy.console.ui
groovy.ui.ConsoleAppletDeprecated
groovy-groovyshorg.codehaus.groovy.tools.shellorg.apache.groovy.groovysh
groovy-jmxgroovy.util.GroovyMBeangroovy.jmx
groovy-nioorg.codehaus.groovy.runtime.NioGroovyMethodsorg.apache.groovy.nio.extensions.NioExtensions
org.codehaus.groovy.runtime.WritablePathorg.apache.groovy.nio.runtime
groovy-swingorg.codehaus.groovy.bindingorg.apache.groovy.swing.binding
groovy.modelgroovy.swing.model
groovy.inspect.swinguiorg.apache.groovy.swing.table
groovy-testorg.codehaus.groovy.runtime.ScriptTestAdapterorg.apache.groovy.test
groovy.transform.NotYetImplementedgroovy.test.NotYetImplemented
groovy.utilgroovy.test
groovy.langgroovy.test
GroovyClassLoaderTypes for sourceCache and classCache have changed from Map to stronger types

Breaking changes to the Java and REST APIs in EAP03

removed Jira Software Jira Service Management

We’ve removed access to a number of dependencies from Jira Software 10.0 and Jira Service Management 10.0, which are currently accessible in Jira Software 9.x and Jira Service Management 5.x:

ChangeInstructions
Jira Service Management Upgrade from Groovy 2 to Groovy 4 in AssetsMigrate all groovy code to be compatible with Groovy 4.
Jira Service Management Removal of the http-builder library from Groovy console and scripts.Switch to the native Groovy GET and POST methods.
com.atlassian.jira.util.AttachmentConfigUse AttachmentConfigManager#getTemporaryAttachmentDirectory() instead.
com.atlassian.jira.issue.attachment.AttachmentStore

Use alternative methods provided by:

  • AttachmentManager
  • ThumbnailManager
  • AttachmentConfigManager
com.atlassian.jira.util.AttachmentUtils

To create, read, or delete attachment and thumbnail data directly, Use the methods available in AttachmentManager and ThumbnailManager.

To find the temporary attachment directory, use AttachmentConfigManager#getTemporaryAttachmentDirectory().

The attachment and thumbnail directories for a particular issue are no longer exposed. Instead, use:

  • getThumbnailDirectory()
  • getAttachmentDirectory()

To manage individual attachments or store other data elsewhere, use:

  • AttachmentManager
  • ThumbnailManager

getAttachmentStore() - AttachmentStore has been removed.

getTemporaryAttachmentDirectory() - Use AttachmentConfigManager#getTemporaryAttachmentDirectory() instead.

getAttachmentFile and getThumbnailFile methods - Use AttachmentManager and ThumbnalManager eg. AttachmentManager#streamAttachmentContent.

checkValidAttachmentDirectory and checkValidTemporaryAttachmentDirectory - These checks can be omitted. Jira checks the validity of paths during startup.

AttachmentManager#attachmentsEnabled()Use AttachmentConfigManager#isAttachmentsEnabled() instead.
AttachmentManager#disableAttachments()No alternative provided
AttachmentManager#createAttachmentCopySourceFile and previously deprecated overloads of AttachmentManager#createAttachmentUse Use AttachmentManager#createAttachment(CreateAttachmentParamsBean) instead.
com.atlassian.jira.issue.attachment.CreateAttachmentParamsBean#CreateAttachmentParamsBeanInstead, use the provided builder:
com.atlassian.jira.issue.attachment.CreateAttachmentParamsBean.Builder
AttachmentManager#deleteAttachmentDirectory(Issue)To delete an issue, use IssueManager#deleteIssue instead.
Remove deprecated REST API endpoint:
GET /rest/api/2/group
provided by
com.atlassian.jira.rest.v2.issue.GroupResource#getGroup
GET /rest/api/2/group (docs) will be removed. Use Use GET /rest/api/2/group/member instead (docs) provided by com.atlassian.jira.rest.v2.issue.GroupResource#getUsersFromGroup instead.
Disabling runtime compilation of JavaServer Pages (JSP).Affected vendors have been contacted.
There is no longer any support for modifying the JSP.
[Public documentation](https://hello.atlassian.net/wiki/spaces/SERVER/pages/3533683978 "https://hello.atlassian.net/wiki/spaces/SERVER/pages/3533683978") will be updated.
Public endpoint DELETE /rest/api/2/version/{id}
provided by
com.atlassian.jira.rest.v2.issue.VersionResource#delete(java.lang.String, java.lang.String, java.lang.String) removed along with public API methods:
com.atlassian.jira.bc.project.version.VersionService#delete(JiraServiceContext, ValidationResult)
com.atlassian.jira.project.version.VersionManager#deleteVersion(ApplicationUser, Version, Option<Version>, Option<Version>)
Use
POST /rest/api/2/version/{id}/removeAndSwap
provided by
com.atlassian.jira.rest.v2.issue.VersionResource#delete(String, DeleteAndReplaceVersionBean)
For the Public API use the following replacements:
com.atlassian.jira.bc.project.version.VersionService#deleteVersionAndSwap
com.atlassian.jira.project.version.VersionManager#deleteVersionAndSwap
Velocity upgraded to 1.6.4.atlassian_28 to receive path traversal preventionN/A
Block Velocity file URL access in webapp directoryWe don't use any .vm files in the webapp directory. Not breaking for Jira itself (in theory).
com.atlassian.jira.bc.license.JiraLicenseService.ValidationResult#getLicenseVersion()Use #getLicenseDetails().getLicenseVersion() instead.
com.atlassian.jira.bc.license.JiraLicenseService.ValidationResult#getTotalUserCount()Use one of the following:
  • com.atlassian.jira.application.ApplicationAuthorizationService#getUserCount(ApplicationKey)
  • com.atlassian.jira.user.util.UserManager#getTotalUserCount()
com.atlassian.jira.bc.portal.PortalPageService#updatePortalPageUnconditionally(com.atlassian.jira.bc.JiraServiceContext, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.portal.PortalPage) removedUse one of the following:
  • #updatePortalPageOwner
  • #updatePortalPage
  • PortalPageManager#update
com.atlassian.jira.bc.project.version.VersionService#validateVersionDetails(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.version.Version, java.lang.String, java.lang.String) removedUse #validateUpdate(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.bc.project.version.VersionService.VersionBuilder) instead.
com.atlassian.jira.bc.project.version.VersionService#validateReleaseDate(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.version.Version, java.lang.String) removedUse #validateUpdate(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.bc.project.version.VersionService.VersionBuilder) instead.
com.atlassian.jira.bc.user.UserService#validateRemoveUserFromApplication(com.atlassian.jira.user.ApplicationUser, com.atlassian.application.api.ApplicationKey) removedUse UserService#validateRemoveUserFromApplication(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.user.ApplicationUser,com.atlassian.application.api.ApplicationKey) instead.
com.atlassian.jira.bc.customfield.CustomFieldDefinition#CustomFieldDefinition() removedUse com.atlassian.jira.bc.customfield.CustomFieldDefinition#builder to construct the instance.
com.atlassian.jira.bc.issue.comment.CommentService#isGroupVisiblityEnabled() renamed to com.atlassian.jira.bc.issue.comment.CommentService#isGroupVisibilityEnabled()Use methods with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.comment.CommentService#isProjectVisiblityEnabled() renamed to com.atlassian.jira.bc.issue.comment.CommentService#isProjectRoleVisibilityEnabled()Use methods with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.comment.CommentService#isValidCommentData(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue, java.lang.String, java.lang.String, com.atlassian.jira.util.ErrorCollection) removedUse
#isValidCommentVisibility(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue, com.atlassian.jira.bc.issue.visibility.Visibility, com.atlassian.jira.util.ErrorCollection) instead.
com.atlassian.jira.bc.issue.comment.CommentService.CommentParameters#getGroupLevel() and
com.atlassian.jira.bc.issue.comment.CommentService.CommentParameters#getRoleLevelId() removed
Use the method returning Visibility instance:
#getVisibility()
Example of use that returns io.atlassian.fugue.Option<String> instance with appropriate group level value:
getVisibility().accept(VisibilityVisitors.returningGroupLevelVisitor())
com.atlassian.jira.bc.issue.util.VisibilityValidator#isProjectRoleVisiblityEnabled() renamed to #isProjectRoleVisibilityEnabled()Use methods with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.util.VisibilityValidator#isGroupVisiblityEnabled() renamed to #isGroupVisibilityEnabled()Use methods with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.util.VisibilityValidator#isValidVisibilityData(com.atlassian.jira.bc.JiraServiceContext, java.lang.String, com.atlassian.jira.issue.Issue, java.lang.String, java.lang.String) removedUse #isValidVisibilityData(com.atlassian.jira.bc.JiraServiceContext, String, com.atlassian.jira.issue.Issue, com.atlassian.jira.bc.issue.visibility.Visibility) instead.
com.atlassian.jira.bc.issue.worklog.WorklogInputParameters#getGroupLevel,
com.atlassian.jira.bc.issue.worklog.WorklogInputParametersImpl#getGroupLevel,
com.atlassian.jira.bc.issue.worklog.WorklogInputParameters#getRoleLevelId,
com.atlassian.jira.bc.issue.worklog.WorklogInputParametersImpl#getGroupLevel removed
Use the method returning Visibility instance:
#getVisibility()
Example of use that returns io.atlassian.fugue.Option<String> instance with appropriate group level value:
getVisibility().accept(VisibilityVisitors.returningGroupLevelVisitor())
com.atlassian.jira.bulkedit.BulkOperationManager#getBulkOperations() removedUse getProgressAwareBulkOperations() instead.
com.atlassian.jira.bulkedit.BulkOperationManager#addBulkOperation(String, Class) removedUse addProgressAwareBulkOperation(String, Class) instead.
com.atlassian.jira.bulkedit.BulkOperationManager#getOperation(String) removedUse getProgressAwareOperation(String) instead.
com.atlassian.jira.bulkedit.operation.BulkOperation removedUse com.atlassian.jira.bulkedit.operation.ProgressAwareBulkOperation instead.
Removed deprecated audit REST API endpoints:
GET /rest/api/2/auditing/record
POST /rest/api/2/auditing/record

Use the new REST API endpoints instead:

  • GET /rest/auditing/1.0/events
  • GET /rest/auditing/1.0/configuration/coverage
  • GET /rest/auditing/1.0/configuration/retention
  • PUT /rest/auditing/1.0/configuration/retention/file

Removed deprecated audit API code:

  • com.atlassian.jira.auditing.AssociatedItem
  • com.atlassian.jira.auditing.ChangedValue
  • com.atlassian.jira.auditing.AuditingCategory
  • com.atlassian.jira.auditing.AuditingFilter
  • com.atlassian.jira.auditing.RecordRequest
  • com.atlassian.jira.auditing.AuditRecord

Use the new API code instead:

  • com.atlassian.audit.entity.AuditResource
  • com.atlassian.audit.entity.ChangedValue
  • com.atlassian.jira.auditing.AuditCategory (since Jira 8.12.2)
  • com.atlassian.audit.api.AuditQuery
  • com.atlassian.audit.entity.AuditEvent
  • com.atlassian.audit.entity.AuditEntity

For more information about this change, refer to Migrating to the new Jira audit log Java API.

com.atlassian.jira.issue.search.managers.IssueSearcherManager#getSearcherGroups(com.atlassian.jira.issue.search.SearchContext) removedThe com.atlassian.jira.issue.search.SearchContext parameter is no longer needed. Use #getSearcherGroups() instead.
com.atlassian.jira.issue.search.managers.SearchHandlerManager#getSearcherGroups(com.atlassian.jira.issue.search.SearchContext) removedThe com.atlassian.jira.issue.search.SearchContext parameter is no longer needed. Use #getSearcherGroups() instead.
com.atlassian.jira.issue.search.managers.SearchHandlerManager#getSearchersByClauseName(com.atlassian.jira.user.ApplicationUser, java.lang.String, com.atlassian.jira.issue.search.SearchContext) removedThe com.atlassian.jira.issue.search.SearchContext parameter is no longer needed. Use #getSearchersByClauseName(com.atlassian.crowd.embedded.api.User,String) instead.
com.atlassian.jira.issue.search.searchers.util.IndexedInputHelper#getAllIndexValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.search.ClauseNames, com.atlassian.query.Query, com.atlassian.jira.issue.search.SearchContext)The com.atlassian.jira.issue.search.SearchContext parameter is no longer needed. Use #getAllIndexValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.issue.search.ClauseNames,com.atlassian.query.Query) instead.
com.atlassian.jira.issue.search.searchers.util.IndexedInputHelper#getAllNavigatorValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.search.ClauseNames, com.atlassian.query.Query, com.atlassian.jira.issue.search.SearchContext) removedThe com.atlassian.jira.issue.search.SearchContext parameter is no longer needed. Use #getAllNavigatorValuesForMatchingClauses(ApplicationUser,com.atlassian.jira.issue.search.ClauseNames,com.atlassian.query.Query) instead.
com.atlassian.jira.issue.util.IssueUpdateBean#getUser() removedUse #getApplicationUser() instead.
com.atlassian.jira.jql.query.AbstractLocalDateOperatorQueryFactory removedUse com.atlassian.jira.jql.util.JqlLocalDateSupport#getLocalDatesFromQueryLiterals(java.util.List) instead.
com.atlassian.jira.jql.util.JqlIssueSupport#getIssues(java.lang.String, com.atlassian.jira.user.ApplicationUser) removedUse #getIssue(String,com.atlassian.jira.user.ApplicationUser) instead.
com.atlassian.jira.jql.util.JqlIssueSupport#getIssues(java.lang.String) removedUse #getIssue(String) instead.
com.atlassian.jira.license.LicenseDetails#getLicenseStatusMessage(com.atlassian.jira.user.ApplicationUser, java.lang.String, com.atlassian.jira.user.util.UserManager) removedUse #getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper,UserManager) instead.
com.atlassian.jira.license.LicenseDetails#getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper, com.atlassian.jira.web.util.OutlookDate, java.lang.String, com.atlassian.jira.user.util.UserManager) removedUse #getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper,UserManager) instead.
com.atlassian.jira.license.LicenseDetails#isLicenseAlmostExpired() removedUse LicenseDetails#getMaintenanceExpiryDate directly.
com.atlassian.jira.bc.whitelist.WhitelistService removedUse com.atlassian.plugins.whitelist.WhitelistService and com.atlassian.plugins.whitelist.OutboundWhitelist instead.
com.atlassian.jira.bc.whitelist.WhitelistManager removedUse com.atlassian.plugins.whitelist.WhitelistService and com.atlassian.plugins.whitelist.OutboundWhitelist instead.
com.atlassian.jira.mention.MentionService#sendCommentMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.comments.Comment, com.atlassian.jira.issue.comments.Comment) removedUse #sendCommentMentions(Set,ApplicationUser,Comment,Comment) instead.
com.atlassian.jira.mention.MentionService#sendIssueCreateMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.Issue) removedUse #sendIssueCreateMentions(Set,ApplicationUser,Issue) instead.
com.atlassian.jira.mention.MentionService#sendIssueEditMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.comments.Comment) removedUse #sendIssueEditMentions(Set,ApplicationUser,Issue,Comment) instead.
com.atlassian.jira.plugin.keyboardshortcut.KeyboardShortcutManager#getActiveShortcuts() removedUse #listActiveShortcutsUniquePerContext instead.
com.atlassian.jira.plugin.webfragment.conditions.AbstractJiraPermissionCondition removedUse AbstractPermissionCondition instead.
com.atlassian.jira.plugin.webfragment.conditions.AbstractPermissionCondition removedUse AbstractProjectPermissionCondition instead.
com.atlassian.jira.project.type.ProjectTypesEnabledCondition removedNo replacement
com.atlassian.jira.permission.PermissionSchemeManager#getEntitiesByType(org.ofbiz.core.entity.GenericValue, com.atlassian.jira.security.plugin.ProjectPermissionKey, java.lang.String) removedUse #getPermissionSchemeEntries(long,com.atlassian.jira.security.plugin.ProjectPermissionKey,String) instead.
com.atlassian.jira.permission.PermissionSchemeManager#getGroups(java.lang.Long, com.atlassian.jira.project.Project) removedUse #getGroups(ProjectPermissionKey,Project) instead.

Disabling runtime JavaServer Pages compilation

removed Jira Software Jira Service Management

JavaServer Pages (JSP) runtime compilation will be disabled in Jira Software 10.0 and Jira Service Management 10.0. JSP files added to the Tomcat directory that aren't shipped with the product won’t be served. Furthermore, no modifications to the JSP files will be reflected. Use Soy or Velocity templates instead.

End of support for the H2 database engine

removed Jira Software Jira Service Management

To resolve several security vulnerabilities, the JDBC driver for the H2 database engine is no longer bundled with Jira Software 10.0 and Jira Service Management 10.0. This means that we’re removing it from the list of supported platforms. Additionally, you’ll no longer be able to evaluate Jira Software 10.0 and Jira Service Management 10.0 using H2.

Removal of dependencies

removed Jira Software

In the previous EAP, we’ve announced our plansto remove access to a number of dependencies from Jira Software 10.0, which are currently accessible in Jira Software 9.x. Those dependencies have been removed in EAP 03. Here's the complete list of what’s been removed:

DependencyJava packages
nekohtml:nekohtmlorg.cyberneko.html
org.cyberneko.html.*
commons-validator:commons-validatororg.apache.commons.validator
org.apache.commons.validator.*
com.atlassian.scala.plugins:scala-2.11-provider-pluginscala.*
com.atlassian.scala.plugins:scala-2.10-provider-pluginscala.*
com.atlassian.scala.plugins:jackson-module-scala-2.10-provider-plugincom.fasterxml.jackson.module.scala2_10
io.atlassian.fugue:fugue-scalaio.atlassian.fugue.converters
commons-daemon:commons-daemonorg.apache.commons.daemon.*
org.apache.tomcat:tomcat-coyoteorg.apache.coyote.*
commons-el:commons-elorg.apache.commons.el.*
org.apache.tomcat:tomcat-jasperorg.apache.jasper.*
org.apache.tomcat:tomcat-juliorg.apache.juli
org.apache.juli.logging
org.apache.tomcat:*org.apache.tomcat
org.apache.catalina
org.apache.tika:tika-core
org.apache.tika:tika-*
org.apache.tika
org.apache.tika.*
org.apache.xmlgraphics:batik-transcoder
org.apache.xmlgraphics:batik-codec
org.apache.xmlgraphics:batik-js
org.apache.xmlgraphics:batik-svggen
org.apache.xmlgraphics:fop
org.apache.batik
org.apache.batik.*
com.querydsl:querydsl-core
com.querydsl:querydsl-sql
com.mysema.commons.lang
com.querydsl.core
com.querydsl.core.*
commons-configuration:commons-configurationorg.apache.commons.configuration
org.apache.commons.configuration.beanutils
org.apache.commons:commons-collections4org.apache.commons.collections4
com.thoughtworks.xstream:xstreamcom.thoughtworks.xstream
com.thoughtworks.xstream.*
org.apache.commons:commons-dbcp2org.apache.commons.dbcp2
org.apache.commons.dbcp2.cpdsadapter
org.apache.commons.dbcp2.datasources
org.apache.commons.dbcp2.managed
com.sun.syndication:com.springsource.com.sun.syndicationcom.sun.syndication.feed.*
com.sun.syndication.io.*
rome:romecom.sun.syndication.feed.*
com.sun.syndication.io.*
commons-discovery:commons-discoveryorg.apache.commons.discover.jdk
org.apache.commons.discovery.*
commons-jexl:commons-jexlorg.apache.commons.jexl.*
commons-jrcs:commons-jrcsorg.apache.commons.jrcs.*
com.github.rholder:guava-retryingcom.github.rholder.retry.*
org.dom4j:dom4jorg.dom4j.*
opensymphony:sitemeshcom.opensymphony.module.*
com.opensymphony.sitemesh.*
org.jdom:jdomorg.jdom.*
commons-pool:commons-poolorg.apache.commons.pool.*
org.tuckey:urlrewritefilterorg.tuckey.web.filters.urlrewrite.*
org.springframework.security:spring-security-coreorg.springframework.security.*
com.atlassian.p4package:atlassian-p4packagecom.perforce.api
commons-beanutils:commons-beanutilsorg.apache.commons.beanutils
org.apache.commons.beanutils.*
org.apache.commons:comons-compressorg.apache.commons.compress
org.apache.commons.compress.*
com.sun:jai_corecom.sun.media.jai.*
javax.media.jai
javax.media.jai.*
com.sun:jai_codeccom.sun.media.jai.*
wsdl4j:wsdl4jcom.ibm.wsdl
com.ibm.wsdl.*
javax.wsdl
javax.wsdl.*

Removal of previously deprecated methods and classes

removed Jira Software Jira Service Management

In this EAP release, we’ve removed yet another set of methods and classes that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.

Here’s what’s already been removed:

ChangeInstructions
com.atlassian.jira.bc.project.version.VersionService#delete(JiraServiceContext, ValidationResult)Use com.atlassian.jira.bc.project.version.VersionService#deleteVersionAndSwap instead.
com.atlassian.jira.bc.project.version.VersionService#deleteVersion(ApplicationUser, Version, Option<Version>, Option<Version>)Use com.atlassian.jira.project.version.VersionManager#deleteVersionAndSwap instead.
com.atlassian.jira.bc.license.JiraLicenseService.ValidationResult#getLicenseVersion()Use #getLicenseDetails().getLicenseVersion() instead.
com.atlassian.jira.bc.license.JiraLicenseService.ValidationResult#getTotalUserCount()Use one of the following:
  • com.atlassian.jira.application.ApplicationAuthorizationService#getUserCount(ApplicationKey)
  • com.atlassian.jira.user.util.UserManager#getTotalUserCount()
com.atlassian.jira.bc.portal.PortalPageService#updatePortalPageUnconditionally(com.atlassian.jira.bc.JiraServiceContext, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.portal.PortalPage)Use one of the following:
  • #updatePortalPageOwner
  • #updatePortalPage
  • PortalPageManager#update
com.atlassian.jira.bc.project.version.VersionService#validateVersionDetails(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.version.Version, java.lang.String, java.lang.String)Use #validateUpdate(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.bc.project.version.VersionService.VersionBuilder) instead.
com.atlassian.jira.bc.project.version.VersionService#validateReleaseDate(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.version.Version, java.lang.String)Use #validateUpdate(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.bc.project.version.VersionService.VersionBuilder) instead.
com.atlassian.jira.bc.user.UserService#validateRemoveUserFromApplication(com.atlassian.jira.user.ApplicationUser, com.atlassian.application.api.ApplicationKey)Use UserService#validateRemoveUserFromApplication(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.user.ApplicationUser,com.atlassian.application.api.ApplicationKey) instead.
com.atlassian.jira.bc.customfield.CustomFieldDefinition#CustomFieldDefinition()Use com.atlassian.jira.bc.customfield.CustomFieldDefinition#builder to construct the instance.
com.atlassian.jira.bc.issue.comment.CommentService#isGroupVisiblityEnabled() renamed to com.atlassian.jira.bc.issue.comment.CommentService#isGroupVisibilityEnabled()Use method with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.comment.CommentService#isProjectVisiblityEnabled() renamed to com.atlassian.jira.bc.issue.comment.CommentService#isProjectRoleVisibilityEnabled()Use method with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.comment.CommentService.CommentParameters#getGroupLevel() and com.atlassian.jira.bc.issue.comment.CommentService.CommentParameters#getRoleLevelId()Use the #getVisibility() method returning Visibility instance. Example of use that returns io.atlassian.fugue.Option<String> instance with appropriate group level value:
getVisibility().accept(VisibilityVisitors.returningGroupLevelVisitor())
com.atlassian.jira.bc.issue.util.VisibilityValidator#isProjectRoleVisiblityEnabled() renamed to #isProjectRoleVisibilityEnabled()Use methods with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.util.VisibilityValidator#isGroupVisiblityEnabled() renamed to #isGroupVisibilityEnabled()Use methods with the visiblity typo corrected to visibility.
com.atlassian.jira.bc.issue.util.VisibilityValidator#isValidVisibilityData(com.atlassian.jira.bc.JiraServiceContext, java.lang.String, com.atlassian.jira.issue.Issue, java.lang.String, java.lang.String)Use #isValidVisibilityData(com.atlassian.jira.bc.JiraServiceContext, String, com.atlassian.jira.issue.Issue, com.atlassian.jira.bc.issue.visibility.Visibility) instead.

Removed:

  • com.atlassian.jira.bc.issue.worklog.WorklogInputParameters#getGroupLevel,
  • com.atlassian.jira.bc.issue.worklog.WorklogInputParametersImpl#getGroupLevel
  • com.atlassian.jira.bc.issue.worklog.WorklogInputParameters#getRoleLevelId
  • com.atlassian.jira.bc.issue.worklog.WorklogInputParametersImpl#getGroupLevel

Use the #getVisibility() method returning Visibility instance.

Example of use that returns io.atlassian.fugue.Option<String> instance with appropriate group level value:
getVisibility().accept(VisibilityVisitors.returningGroupLevelVisitor())

com.atlassian.jira.bulkedit.BulkOperationManager#getBulkOperations()Use getProgressAwareBulkOperations() instead.
com.atlassian.jira.bulkedit.BulkOperationManager#addBulkOperation(String, Class)Use addProgressAwareBulkOperation(String, Class) instead.
com.atlassian.jira.bulkedit.BulkOperationManager#getOperation(String)Use getProgressAwareOperation(String) instead.
com.atlassian.jira.bulkedit.operation.BulkOperationUse com.atlassian.jira.bulkedit.operation.ProgressAwareBulkOperation instead.

Deprecated audit API code:

  • com.atlassian.jira.auditing.AssociatedItem
  • com.atlassian.jira.auditing.ChangedValue
  • com.atlassian.jira.auditing.AuditingCategory
  • com.atlassian.jira.auditing.AuditingFilter
  • com.atlassian.jira.auditing.RecordRequest
  • com.atlassian.jira.auditing.AuditRecord

Use the following API code instead:

  • com.atlassian.audit.entity.AuditResource
  • com.atlassian.audit.entity.ChangedValue
  • com.atlassian.jira.auditing.AuditCategory (since Jira 8.12.2)
  • com.atlassian.audit.api.AuditQuery
  • com.atlassian.audit.entity.AuditEvent
  • com.atlassian.audit.entity.AuditEntity

For more details, refer to the migration guide.

com.atlassian.jira.bc.whitelist.WhitelistServiceUse com.atlassian.plugins.whitelist.WhitelistService and com.atlassian.plugins.whitelist.OutboundWhitelist instead
com.atlassian.jira.bc.whitelist.WhitelistManager
com.atlassian.jira.issue.search.managers.IssueSearcherManager.getSearcherGroups(com.atlassian.jira.issue.search.SearchContext)Use #getSearcherGroups() instead.
com.atlassian.jira.issue.search.managers.SearchHandlerManager.getSearcherGroups(com.atlassian.jira.issue.search.SearchContext)Use #getSearcherGroups() instead.
com.atlassian.jira.issue.search.managers.SearchHandlerManager.getSearchersByClauseName(com.atlassian.jira.user.ApplicationUser, java.lang.String, com.atlassian.jira.issue.search.SearchContext)Use #getSearchersByClauseName(com.atlassian.crowd.embedded.api.User,String) instead.
com.atlassian.jira.issue.search.searchers.util.IndexedInputHelper.getAllIndexValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.search.ClauseNames, com.atlassian.query.Query, com.atlassian.jira.issue.search.SearchContext)Use #getAllIndexValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.issue.search.ClauseNames,com.atlassian.query.Query) instead.
com.atlassian.jira.issue.search.searchers.util.IndexedInputHelper.getAllNavigatorValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.search.ClauseNames, com.atlassian.query.Query, com.atlassian.jira.issue.search.SearchContext)Use #getAllNavigatorValuesForMatchingClauses(ApplicationUser,com.atlassian.jira.issue.search.ClauseNames,com.atlassian.query.Query) instead.
com.atlassian.jira.issue.util.IssueUpdateBean.getUser()Use #getApplicationUser() instead.
com.atlassian.jira.jql.query.AbstractLocalDateOperatorQueryFactoryUse com.atlassian.jira.jql.util.JqlLocalDateSupport#getLocalDatesFromQueryLiterals(java.util.List) instead.
com.atlassian.jira.jql.util.JqlIssueSupport.getIssues(java.lang.String)Use #getIssue(String) instead.
com.atlassian.jira.jql.util.JqlIssueSupport.getIssues(java.lang.String, com.atlassian.jira.user.ApplicationUser)Use #getIssue(String,com.atlassian.jira.user.ApplicationUser) instead.
com.atlassian.jira.license.LicenseDetails.getLicenseStatusMessage(com.atlassian.jira.user.ApplicationUser, java.lang.String, com.atlassian.jira.user.util.UserManager)Use #getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper,UserManager) instead.
com.atlassian.jira.license.LicenseDetails.getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper, com.atlassian.jira.web.util.OutlookDate, java.lang.String, com.atlassian.jira.user.util.UserManager)Use #getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper,UserManager) instead.
com.atlassian.jira.license.LicenseDetails.isLicenseAlmostExpired()Use LicenseDetails#getMaintenanceExpiryDate instead.
com.atlassian.jira.mention.MentionService.sendCommentMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.comments.Comment, com.atlassian.jira.issue.comments.Comment)Use #sendCommentMentions(Set,ApplicationUser,Comment,Comment) instead.
com.atlassian.jira.mention.MentionService.sendIssueCreateMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.Issue)Use #sendIssueCreateMentions(Set,ApplicationUser,Issue) instead.
com.atlassian.jira.mention.MentionService.sendIssueEditMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.comments.Comment)Use #sendIssueEditMentions(Set,ApplicationUser,Issue,Comment) instead.
com.atlassian.jira.permission.PermissionSchemeManager.getEntitiesByType(org.ofbiz.core.entity.GenericValue, com.atlassian.jira.security.plugin.ProjectPermissionKey, java.lang.String)Use #getPermissionSchemeEntries(long,com.atlassian.jira.security.plugin.ProjectPermissionKey,String) instead.
com.atlassian.jira.permission.PermissionSchemeManager.getGroups(java.lang.Long, com.atlassian.jira.project.Project)Use #getGroups(ProjectPermissionKey,Project) instead.
com.atlassian.jira.plugin.keyboardshortcut.KeyboardShortcutManager.getActiveShortcuts()Use #listActiveShortcutsUniquePerContext instead.
com.atlassian.jira.plugin.webfragment.conditions.AbstractJiraPermissionConditionUse AbstractPermissionCondition instead.
com.atlassian.jira.plugin.webfragment.conditions.AbstractPermissionConditionUse AbstractProjectPermissionCondition instead.
com.atlassian.jira.project.type.ProjectTypesEnabledConditionNo replacement.

Here’s what you can expect us to remove in the future:

ChangeInstructions
com.atlassian.jira.auditing.AuditingManager#countRecordsUse com.atlassian.audit.api.AuditSearchService#count instead.
com.atlassian.jira.auditing.AuditingManager#getRecordsUse com.atlassian.audit.api.AuditSearchService#findBy or com.atlassian.audit.api.AuditSearchService#stream instead.
com.atlassian.jira.auditing.AuditingManager#storeUse com.atlassian.audit.api.AuditService#audit instead.
com.atlassian.jira.auditing.AuditingService#getRecordsUse com.atlassian.audit.api.AuditSearchService#findBy or com.atlassian.audit.api.AuditSearchService#stream instead.
com.atlassian.jira.auditing.AuditingService#getTotalNumberOfRecordsUse com.atlassian.audit.api.AuditSearchService#count instead.
com.atlassian.jira.auditing.AuditingService#storeRecordUse com.atlassian.audit.api.AuditService#audit instead.
com.atlassian.jira.auditing.Records.getRecords()Use #getResults instead.
com.atlassian.jira.bc.issue.comment.CommentService.isGroupVisiblityEnabled()Use #isGroupVisibilityEnabled() instead.
com.atlassian.jira.bc.issue.comment.CommentService.isProjectRoleVisiblityEnabled()Use #isProjectRoleVisibilityEnabled() instead.
com.atlassian.jira.bc.issue.comment.CommentService.isValidCommentData(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue, java.lang.String, java.lang.String, com.atlassian.jira.util.ErrorCollection)Use #isValidCommentVisibility(ApplicationUser,Issue,com.atlassian.jira.bc.issue.visibility.Visibility,ErrorCollection) instead.
com.atlassian.jira.config.ConstantsManager.storeIssueTypes(java.util.List<org.ofbiz.core.entity.GenericValue>)Use #updateIssueType(String,String,Long,String,String,Long) or #recalculateIssueTypeSequencesAndStore(java.util.List) instead.
com.atlassian.jira.config.properties.LookAndFeelBean.getVersion()Use #getSettingsHash() instead.
com.atlassian.jira.config.properties.LookAndFeelBean.updateVersion(long)Use #updateSettingsHash() instead.
com.atlassian.jira.config.SubTaskManager.insertSubTaskIssueType(java.lang.String, java.lang.Long, java.lang.String, java.lang.String)Use #insertSubTaskIssueType(String,Long,String,Long) instead.
com.atlassian.jira.config.SubTaskManager.updateSubTaskIssueType(java.lang.String, java.lang.String, java.lang.Long, java.lang.String, java.lang.String)Use #updateSubTaskIssueType(String,String,Long,String,Long) instead.
com.atlassian.jira.event.issue.IssueWatcherAddedEvent.getUser()Use #getApplicationUser() instead.
com.atlassian.jira.event.issue.IssueWatcherDeletedEvent.getUser()Use #getApplicationUser() instead.
com.atlassian.jira.event.mail.EmailQueueFlashedEventUse EmailQueueFlushedEvent instead.
com.atlassian.jira.help.HelpUrlsParser.defaultUrl(java.lang.String, java.lang.String)Use HelpUrlsParserBuilderFactory instead.
com.atlassian.jira.help.HelpUrlsParser.onDemand(boolean)Use HelpUrlsParserBuilderFactory instead.
com.atlassian.jira.imports.project.mapper.ProjectImportIdMapper.getValuesFromImport()Use getRegisteredOldIds() instead.
com.atlassian.jira.imports.project.mapper.ProjectRoleActorMapper.getAllProjectRoleActors()Use the properly typed method #getProjectRoleActors() instead.
com.atlassian.jira.issue.comments.CommentManager.getProjectRole(java.lang.Long)Use com.atlassian.jira.security.roles.ProjectRoleManager#getProjectRole(Long) instead.
com.atlassian.jira.issue.customfields.CustomFieldType.getNonnullCustomFieldProvider()Use #getNonNullCustomFieldProvider() instead.
com.atlassian.jira.issue.customfields.vdi.NonNullCustomFieldProvider.getCustomFieldInfo(com.atlassian.jira.issue.Issue)Use getCustomFieldInfo(List issues) instead.
com.atlassian.jira.issue.fields.layout.field.FieldLayoutStorageExceptionNo replacement
com.atlassian.jira.issue.fields.rest.json.CommentBeanFactory.createRenderedBean(com.atlassian.jira.issue.comments.Comment)Use #createRenderedBean(com.atlassian.jira.issue.comments.Comment) instead.
com.atlassian.jira.issue.index.ReindexAllCompletedEvent.shouldUpdateReplicatedIndex()Use #shouldNotifyCluster() instead.
com.atlassian.jira.issue.index.ReindexAllStartedEvent.shouldUpdateReplicatedIndex()Use #shouldNotifyCluster() instead.
com.atlassian.jira.scheme.SchemeManager.createScheme(java.lang.String, java.lang.String)Use #createSchemeObject(String,String) instead.
com.atlassian.jira.scheme.SchemeManager.getGroups(java.lang.Long, org.ofbiz.core.entity.GenericValue)Use #getGroups(Long,com.atlassian.jira.project.Project) instead.
com.atlassian.jira.security.GlobalPermissionEntry.getGlobalPermissionType()Use #getPermissionKey() instead.
com.atlassian.jira.security.JiraAuthenticationContext.getI18nBean()Use #getI18nHelper() instead.
com.atlassian.jira.security.JiraAuthenticationContext.getText(java.lang.String)Use getText() method on #getI18nHelper() instead.
com.atlassian.jira.sharing.ShareManager.hasPermission(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.sharing.SharedEntity)Use #isSharedWith(com.atlassian.crowd.embedded.api.User,SharedEntity) instead.
com.atlassian.jira.user.preferences.JiraUserPreferences.JiraUserPreferences()You shouldn’t construct user preferences directly. Request them through the UserPreferencesManager instead.
com.atlassian.jira.util.collect.MapBuilder.toFastMap()Use ImmutableMap directly instead.
com.atlassian.jira.util.collect.MapBuilder.toImmutableMap()Use #toMap() instead. or consider using ImmutableMap if the map doesn’t need to accept null values.
com.atlassian.jira.util.index.Contexts.nullContext()Use #com.atlassian.jira.task.context.Contexts#nullContext() instead.
com.atlassian.jira.util.JiraDurationUtils.onClearCache(com.atlassian.jira.event.ClearCacheEvent)Use #DurationFormatChanged instead.
com.atlassian.jira.util.JiraDurationUtils.start()No replacement
com.atlassian.jira.web.action.issue.IssueCreationHelperBean.getProvidedFieldNames(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue)Use #getProvidedFieldNames(com.atlassian.jira.issue.Issue) instead.
com.atlassian.jira.web.bean.MultiBulkMoveBean.setTargetProject(org.ofbiz.core.entity.GenericValue)Use #setTargetProject(com.atlassian.jira.project.Project) instead.
com.atlassian.jira.web.util.HelpUtil.HelpPath.getSimpleUrl()Use #getUrl() instead.
com.atlassian.jira.web.util.OutlookDate.format()Use #com.atlassian.jira.datetime.DateTimeFormatter#format(java.util.Date) instead.
com.atlassian.jira.web.util.OutlookDate.getCompleteDateFormat()Use #com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.
com.atlassian.jira.web.util.OutlookDate.getDatePickerFormat()Use #com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.
com.atlassian.jira.web.util.OutlookDate.getDateTimePickerFormat()Use #com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.
com.atlassian.jira.web.util.OutlookDate.getNow()Use java.util.Date#Date() instead.
com.atlassian.jira.bc.user.search.UserSearchParams : everything related to maxResultsUse limit instead.
com.atlassian.jira.util.collect.CollectionUtil#filter(Collection<T>, Predicate<? super T>)Use com.atlassian.jira.util.collect.CollectionUtil#filter(java.lang.Iterable<T>, com.atlassian.jira.util.Predicate<? super T>) or <br>com.google.common.collect.Collections2#filter if you need to keep the same behavior.
com.atlassian.jira.permission.SchemePermissionsUse com.atlassian.jira.security.PermissionManager
com.atlassian.jira.permission.PermissionUse com.atlassian.jira.security.PermissionManager or com.atlassian.jira.security.GlobalPermissionManager
com.atlassian.jira.issue.attachment.AttachmentZipKitUse com.atlassian.jira.issue.AttachmentIndexManager
com.atlassian.jira.util.NotNull (annotation)Use javax.annotation.Nonnull

The getProjects(int, com.atlassian.jira.user.ApplicationUser) method signature from:

  • com.atlassian.jira.security.PermissionManager
  • com.atlassian.jira.security.PublicAccessPermissionManager
  • com.atlassian.jira.security.ApplicationRequiredPermissionManager
  • com.atlassian.jira.security.DefaultPermissionManager
  • com.atlassian.jira.security.SubvertedPermissionManager
Use the supported getProjects method. For example:
  • com.atlassian.jira.security.PermissionManager#getProjects(com.atlassian.jira.security.plugin.ProjectPermissionKey
  • com.atlassian.jira.user.ApplicationUser)
  • com.atlassian.jira.security.PermissionManager#getProjects(com.atlassian.jira.security.plugin.ProjectPermissionKey
  • com.atlassian.jira.user.ApplicationUser
  • com.atlassian.jira.project.ProjectCategory)

Removal of previously deprecated REST API endpoints

removed Jira Software Jira Service Management

In this EAP release, we’ve removed yet another set of REST API endpoints that have been deprecated since Jira Software 9.x and Jira Service Management 5.x.

Here’s what’s been removed:

ChangeInstructions

Removed deprecated audit REST API endpoints:

  • GET /rest/api/2/auditing/record
  • POST /rest/api/2/auditing/record

Use the new REST API endpoints instead:

  • GET /rest/auditing/1.0/events
  • GET /rest/auditing/1.0/configuration/coverage
  • GET /rest/auditing/1.0/configuration/retention
  • GET /rest/auditing/1.0/configuration/retention/file
Removed public endpoint GET /rest/api/2/group provided by com.atlassian.jira.rest.v2.issue.GroupResource#getGroupUse GET /rest/api/2/group/member provided by com.atlassian.jira.rest.v2.issue.GroupResource#getUsersFromGroup.
Removed public endpoint DELETE /rest/api/2/version/{id} provided by com.atlassian.jira.rest.v2.issue.VersionResource#delete(java.lang.String, java.lang.String, java.lang.String)Use POST /rest/api/2/version/{id}/removeAndSwap provided by com.atlassian.jira.rest.v2.issue.VersionResource#delete(String, DeleteAndReplaceVersionBean).

Note that the replacement endpoint doesn't publish the jira:version_merged webhook event.

Here’s what we’re planning to remove in the future:

ChangeInstructions
The api/1.0/users/picker and api/1.0/users/picker/filter endpoints provided by com.atlassian.jira.rest.v1.users.UserPickerResourceUse api/2/groupuserpicker provided by com.atlassian.jira.rest.v2.issue.GroupAndUserPickerResource instead.
Private endpoint GET globalconfig/1/issuecustomfields/{issue} provided by com.atlassian.jira.projectconfig.rest.global.IssueCustomFieldsResource#getAffectedProjectsNo replacement
Private endpoint POST globalconfig/1/customfieldoptions/{customFieldId}/ provided by com.atlassian.jira.projectconfig.rest.global.CustomFieldOptionsResource#setOptionsUse POST globalconfig/1/customfieldoptions/{customFieldId}/setOptions provided by com.atlassian.jira.projectconfig.rest.global.CustomFieldOptionsResource#setOptionsForCustomField.
Private endpoint POST /api/1.0/user/{username}/avatar/{avatarid} provided by com.atlassian.jira.rest.v1.users.UserResourceReplace with PUT /rest/api/2/user/avatar provided by com.atlassian.jira.rest.v2.issue.UserResource#updateUserAvatar.
Private endpoint /greenhopper/1.0/api/sprints/{sprintId}/remotelink provided by com.atlassian.greenhopper.web.api.RemoteSprintLinkResource#createOrUpdateRemoteSprintLinkUse greenhopper/1.0/api/sprints/{sprintId}/remotelinkchecked provided by com.atlassian.greenhopper.web.api.RemoteSprintLinkResource#createRemoteSprintLinkChecked.

Unbundling of atlassian-frontend-runtime-plugin

removed Jira Software

The atlassian-frontend-runtime-plugin provided common polyfills and the regenerator-runtime web resource. Since none of the supported browsers need these polyfills any longer and the plugin has been deprecated since Jira Software 9.2.0, it’ll be removed in Jira Software 10.0.

If your code is still using any web resources from this plugin, the following warnings may appear in in Jira logs:

1
2
This webresource is empty! All supported browsers no longer need these polyfills. Please remove your dependency on the "atlassian-frontend-runtime-plugin".
1
2
This webresource is deprecated and will soon be removed! All supported browsers no longer need the runtime. Please rebuild your sources without expecting the "regenerator-runtime" to be available.

The former babel-polyfill, core-js, custom-elements-v1, fetch, and focus-visible were already empty web resources, while the regenerator-runtime was still provided.

All instances of AUI Dialog 1 will be migrated to AUI Dialog 2

deprecated Jira Software Jira Service Management

This change is still a work in progress.

We’re working on migrating all of the instances of the deprecated AUI Dialog 1 remaining throughout Jira Core and Jira Software to AUI Dialog 2.

We’re also planning to remove the following web resources as part of this work:

  • com.atlassian.auiplugin:dialog
  • jira.webresources:jira-accessible-dialog

Deprecated and removed feature flags

deprecated Jira Service Management

In this EAP release, we’ve removed the jira.users.and.roles.page.in.react feature flag.

The following feature flags have been deprecated and are marked for removal in an upcoming EAP release of Jira Software 10.0 and Jira Service Management 10.0:

  • jira.quick.search
  • com.atlassian.jira.custom.csv.escaper
  • atlassian.cdn.static.assets
  • com.atlassian.jira.agile.darkfeature.burnupchart
  • optimistic.transitions
  • com.atlassian.jira.advanced.audit.log
  • velocity.chart.ui

Deprecation of http-builder from the JSM package

deprecated Jira Service Management

The http-builder library is no longer actively maintained and it’ll be removed from Jira Service Management 10.0. If you’re using this library in your Groovy scripts, we recommend that you switch to the native Groovy GET and POST methods.

Deprecation of jquery-migrate 1.x

deprecated Jira Software

We’re planning to upgrade jQuery and as part of that effort, we’ll also deprecate jquery-migrate 1.x in Jira Software 10.0 to remove it entirely in the next feature release.

Jira Software 10.0 won’t contain the upgraded jQuery and will be focused mainly around the deprecation of jquery-migrate 1.x and its removal from the superbatch Web Resource.

While jquery-migrate can still be loaded using certain Web Resource Keys (such as com.atlassian.plugins.jquery:jquery or com.atlassian.plugins.jquery:jquery-migrate), we advise against this.

For more information on the deprecation of jquery-migrate 1.x, visit the jQuery Upgrade Guide. For queries about jquery-migrate 1.x warnings, refer to jQuery Migrate Warnings. For future jQuery updates, refer to the 3.0 and 3.5 Upgrade Guides.

Changes introduced in EAP 02 (27 March 2024)

For more details about what’s in scope of this EAP release, check out the following updates:

Centralized dependency management

added Jira Software

Centralized dependency management in Jira Software 10 introduces a set of Maven POM files known as a Bill of Materials (BOM), which list the dependencies available to third-party apps.

This system aims to streamline responding to security threats and enhance efficiency of developing for Jira by ensuring that dependencies are uniform and up-to-date. This approach minimizes runtime errors such as NoSuchMethodException and allows for quicker responses to security vulnerabilities within these dependencies.

There are multiple BOM files, each serving different functions:

  • jira-api-bom: This BOM is designed for external products. It offers a centralized location for managing the dependencies of external products, ensuring that they’re using the correct, up-to-date versions of dependencies.
  • jira-deprecated-api-bom: This BOM lists libraries that may undergo changes or be removed from the public Bill of Materials in future updates.
  • jira-internal-bom: This BOM is intended for internal products. It provides a centralized location for managing internal dependencies, ensuring consistency across all internal products.
  • jira-bundled-plugins-bom: This BOM manages the versions of apps bundled with Jira.

Using artifacts for version management

BOMs (Bill of Materials) are Maven modules of the pom packaging type, which are designed to facilitate the management of imported dependencies as detailed in the Maven documentation.

Each BOM contains dependency management sections rather than direct dependencies. To use a BOM, you should first include it as a dependency with the import scope. For example:

1
2
<dependency>
    <groupId>com.atlassian.jira</groupId>
    <artifactId>jira-api-bom</artifactId>
    <version>${jira.version}</version>
    <type>pom</type>
    <scope>import</scope>
</dependency>

Subsequently, other dependencies should be explicitly defined manually with the scope provided, omitting version specifications. The versions will be configured through the imported BOM artifacts. For example:

1
2
<dependency>
    <groupId>com.atlassian.security</groupId>
    <artifactId>atlassian-secure-utils</artifactId>
    <scope>provided</scope>
</dependency>

Adopting centralized BOMs in App Development

To adopt centralised BOMs, follow these steps:

  1. Remove the jira-project dependency management import.
  2. Add jira-api-bom as a dependency with scope import.
  3. Consider adding jira-deprecated-api-bom if needed, but note that these dependencies are marked as deprecated and will be removed in future versions.
  4. Remove redundant dependency management sections from your poms (for artefacts covered by the bom)
  5. Since BOM does not define scope, if your dependency management section used to contain scope definition, you must now add it to the actual dependency declaration.
  6. Conduct deep analysis of the dependency tree to ensure all dependencies are correctly managed, and no discrepancies exist between versions. All dependencies listed in the bom files
  7. Ensure that dependencies, especially those in the provided scope, don't have a version field to allow the central pom to define it. This ensures consistency and prevents runtime issues.

Jira Software Data Center is migrated and fully exposes RESTv2

added Jira Software

For more information, check out the RESTv2 migration guide.

Breaking changes to the Java and REST APIs in EAP02

removed Jira Software

We’ve removed access to a number of dependencies from Jira Software 10.0 and Jira Service Management 10.0, which are currently accessible in Jira Software 9.x:

ChangeInstructions
Deprecated com.atlassian.jira.issue.table.IssueTable provided by jira-api removedUse com.atlassian.jira.issue.table.IssueTable provided by jira-issue-nav-plugin instead.

Removed:

  • com.atlassian.jira.rest.Dates.DateAdapter
  • com.atlassian.jira.rest.Dates.DateTimeAdapter
For marshalling and unmarshalling, use the Jackson-friendly serializers and deserializers:
  • @JsonSerialize(using = Dates.DateSerializer.class)
  • @JsonDeserialize(using = Dates.DateDeserializer.class)
Removed com.atlassian.jira:jira-func-tests-legacyMigrate your code from BaseJIRAWebTest (Junit3) to FuncTestCase (Junit 4+). This module has been deprecated since Jira 7.
The doHealthCheck request parameter was removed from the rest/api/2/serverInfo endpoint together with the healthChecks field from the response.Use jira-healthcheck-plugin instead.
Removed rest/api/1.0/endpointNo alternative provided.

Removed:

  • com.atlassian.jira.rest.v2.issue.project.ProjectRoleBean
  • com.atlassian.jira.rest.v2.issue.project.RoleActorBean

Instead, use:

  • com.atlassian.jira.rest.api.project.ProjectRoleBean
  • com.atlassian.jira.rest.api.project.RoleActorBean
Removed com.atlassian.jira.rest.v1.model.ValueCollectionNo alternative provided.
  • com.atlassian.jira.testkit.client.restclient.Response class of jira-testkit-client has been deprecated
  • com.atlassian.jira.testkit.client.RestApiClient.toResponse(...) accepts RestCall functional interface
Use com.atlassian.jira.testkit.client.restclient.ParsedResponse

Use new RestCall interface or lambda in place of method interface instead.
Jira table column update for Oracle and Mysql.No actions required, schema will be migrated on restart.

Impacted tables include: changegroup jiraissue jiraaction
com.atlassian.jira.avatar.AvatarManager
#getAvatarBaseDirectory
Use AvatarManager#readAvatarData() to access avatar data directly.

Planned removal of deprecated dependencies

deprecated Jira Software

We’re planning to remove access to a number of dependencies from Jira Software 10.0, which are currently accessible in Jira 9.x:

DependencyJava packages
nekohtml:nekohtml
  • org.cyberneko.html
  • org.cyberneko.html.*
commons-validator:commons-validator
  • org.apache.commons.validator
  • org.apache.commons.validator.*
com.atlassian.scala.plugins:scala-2.11-provider-pluginscala.*
com.atlassian.scala.plugins:scala-2.10-provider-pluginscala.*
com.atlassian.scala.plugins:jackson-module-scala-2.10-provider-plugincom.fasterxml.jackson.module.scala2_10
io.atlassian.fugue:fugue-scalaio.atlassian.fugue.converters
commons-daemon:commons-daemonorg.apache.commons.daemon.*
org.apache.tomcat:tomcat-coyoteorg.apache.coyote.*
commons-el:commons-elorg.apache.commons.el.*
org.apache.tomcat:tomcat-jasperorg.apache.jasper.*
org.apache.tomcat:tomcat-juli
  • org.apache.juli
  • org.apache.juli.logging
org.apache.tomcat:*
  • org.apache.tomcat
  • org.apache.catalina
org.apache.tika:tika-core

org.apache.tika:tika-*
  • org.apache.tika
  • org.apache.tika.*
org.apache.xmlgraphics:batik-transcoder

org.apache.xmlgraphics:batik-codec

org.apache.xmlgraphics:batik-js

org.apache.xmlgraphics:batik-svggen

org.apache.xmlgraphics:fop
  • org.apache.batik
  • org.apache.batik.*
com.querydsl:querydsl-core

com.querydsl:querydsl-sql
  • com.mysema.commons.lang
  • com.querydsl.core
  • com.querydsl.core.*
commons-configuration:commons-configuration
  • org.apache.commons.configuration
  • org.apache.commons.configuration.beanutils
org.apache.commons:commons-collections4org.apache.commons.collections4
com.thoughtworks.xstream:xstream
  • com.thoughtworks.xstream
  • com.thoughtworks.xstream.*
org.apache.commons:commons-dbcp2
  • org.apache.commons.dbcp2
  • org.apache.commons.dbcp2.cpdsadapter
  • org.apache.commons.dbcp2.datasources
  • org.apache.commons.dbcp2.managed
com.sun.syndication:com.springsource.com.sun.syndication
  • com.sun.syndication.feed.*
  • com.sun.syndication.io.*
rome:rome
  • com.sun.syndication.feed.*
  • com.sun.syndication.io.*
commons-discovery:commons-discovery
  • org.apache.commons.discover.jdk
  • org.apache.commons.discovery.*
commons-jexl:commons-jexlorg.apache.commons.jexl.*
commons-jrcs:commons-jrcsorg.apache.commons.jrcs.*
com.github.rholder:guava-retryingcom.github.rholder.retry.*
org.dom4j:dom4jorg.dom4j.*
opensymphony:sitemesh
  • com.opensymphony.module.*
  • com.opensymphony.sitemesh.*
org.jdom:jdomorg.jdom.*
commons-pool:commons-poolorg.apache.commons.pool.*
org.tuckey:urlrewritefilterorg.tuckey.web.filters.urlrewrite.*
org.springframework.security:spring-security-coreorg.springframework.security.*
com.atlassian.p4package:atlassian-p4packagecom.perforce.api
commons-beanutils:commons-beanutils
  • org.apache.commons.beanutils
  • org.apache.commons.beanutils.*
org.apache.commons:comons-compress
  • org.apache.commons.compress
  • org.apache.commons.compress.*
com.sun:jai_core
  • com.sun.media.jai.*
  • javax.media.jai
  • javax.media.jai.*
com.sun:jai_codeccom.sun.media.jai.*
wsdl4j:wsdl4j
  • com.ibm.wsdl
  • com.ibm.wsdl.*
  • javax.wsdl
  • javax.wsdl.*

Rate this page: