Jira Software 10.0.x upgrade notes

Jira Software release notes

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Here are some important notes on upgrading to Jira Software 10.0.x. For details of the new features and improvements in this release, see the Jira Software 10.0 release notes.

Platform releases allow us to incorporate multiple significant changes (often called “breaking changes”) that aren't compatible with previous versions. These changes establish a strong foundation for more extensive development in future releases.

To increase security and performance, we’ve made changes in our core architecture that require apps to bundle their libraries. We’re collaborating with our Marketplace partners on these changes, however, some apps may not be immediately compatible with the new platform upon release and cause product experience breaks. We recommend that you review your apps before upgrading to avoid service disruptions for your organization.

To check app compatibility, visit Checking app compatibility with application updates or the Atlassian Marketplace to see if your app hosting is compatible with your product version.

Skip to

Front-end API changes

This release brings an improved and updated Code sharing section of the Jira Data Center front-end API. We’ve introduced the following changes:

  • Inclusion of Jira-specific API modules, such as requested Jira Events.

  • Extensions and updates to common libraries.

  • Introduction to particular versioning of common libraries and alias module type.

  • Annotations to modules on the UPM level and better descriptions in the code.

Regular modules for the common libraries are versioned up to the minor version (x.y), for example, under the jira-frontend-api:react-18.3 web-resource Jira provides React 18.3.1, as of now. The patch version (aka bug fix) can be changed at any time, for example, the same web-resource can provide React 18.3.2 in the future.

The alias modules are versioned up to the major version (x), for example, under the jira-frontend-api:react-18 web-resource Jira provides React 18.3.1, as of now. The minor version can be changed at any time, for example, the same web-resource can provide React 18.4.0 in the future.

See the full list of changes

Dependency

Change

Rationale

jira-frontend-api:jquery-2.2.4

Deprecated. Use jira-frontend-api:jquery (jira/api/jquery AMD) instead.

Jira provides and supports the single jQuery version only. It can also be modified by Atlassian to include certain fixes. This is why the version has been dropped from the web-resource key. It’ll also make the migration to newer versions easier.

jira-frontend-api:underscore-1.8

Deprecated. Use jira-frontend-api:underscore-1.13 (jira/api/underscore-1.13 AMD) instead.

The recommended underscorejs version is the newest available one as of now (1.13.6).

The full list of available modules:

Dependency

AMD module

Rationale

Jira-specific

jira-frontend-api:almond

n/a

Provides AMD support by exposing define and require global functions. You don’t typically need to depend on Almond as it’s provided by default. However, it may be required if you build the custom page.

jira-frontend-api:version

jira/api/version

The module allows to #get the current Jira version, as well as #compare and #isGreaterThanOrEqualTo the current Jira version with a provided one.

jira-frontend-api:jira-events

  1. jira/api/events

  2. jira/api/events/reasons

  3. jira/api/events/types

  1. Provides Jira-namespaced event bus.

  2. Provides a dictionary of reasons for events being triggered in Jira, such as panelRefreshed.

  3. Provides a dictionary of event types, such as NEW_CONTENT_ADDED.

Common libraries

jira-frontend-api:jquery

jira/api/jquery

Provides jQuery used across Jira.
Current version: 2.2.4 with patches

jira-frontend-api:underscore-1.13

jira/api/underscore-1.13

Provides Underscore 1.13.x.
Current version: 1.13.6.

jira-frontend-api:backbone-1.6

jira/api/backbone-1.6

Provides Backbone.js 1.6.x.
Current version: 1.6.0.

jira-frontend-api:react-18.3

jira/api/react-18.3

Alias module. Provides React 18.3.x.
Current version: 18.3.1.

jira-frontend-api:react-dom-18.3

jira/api/react-dom-18.3

Provides React-DOM 18.3.x.
Current version: 18.3.1.

jira-frontend-api:react-dom-18

jira/api/react-dom-18

Alias module. Provides React-DOM 18.3.x.
Current version: 18.3.1.

Common libraries (deprecated)

jira-frontend-api:jquery-2.2.4

jira/api/jquery-2.2.4

Deprecated. Use jira-frontend-api:jquery (jira/api/jquery AMD) instead

jira-frontend-api:underscore-1.8

jira/api/underscore-1.8

Deprecated. Use jira-frontend-api:underscore-1.13 (jira/api/underscore-1.13 AMD) instead.

jira-frontend-api:react-16

jira/api/react-16.8

Deprecated. Use jira-frontend-api:react-18.3 (jira/api/react-18.3 AMD) instead.
Provides React 16.8.x.
Current version: 16.8.6.

jira/api/react-16

Deprecated. Use jira-frontend-api:react-18 (jira/api/react-18 AMD) instead.
Alias module. Provides React 16.x.
Current version: 16.8.6.

jira-frontend-api:react-dom-16

jira/api/react-dom-16.8

Deprecated. Use jira-frontend-api:react-dom-18.3 (jira/api/react-dom-18.3 AMD) instead.
Provides React-DOM 16.8.x.

Current version: 16.8.6.

jira/api/react-dom-16

Deprecated. Use jira-frontend-api:react-dom-18 (jira/api/react-dom-18 AMD) instead.
Alias module. Provides React-DOM 16.x.

Current version: 16.8.6.

OpenAPI standard for REST API documentation

REST API documentation for Jira Core and Jira Software is now available in an OpenAPI standard with a refreshed graphical form. This is the first time REST API documentation for Jira Core and Jira Software is no longer split. What’s more, we’ve reviewed and updated the documentation content. Get started with REST API documentation for Jira

Removal of previously deprecated feature flags

In this release, we’ve removed the following feature flags:

  • com.atlassian.jira.agile.darkfeature.burnupchart
  • optimistic.transitions
  • com.atlassian.jira.advanced.audit.log
  • velocity.chart.ui
  • jira.quick.search
  • com.atlassian.jira.custom.csv.escaper
  • atlassian.cdn.static.assets
  • jira.users.and.roles.page.in.react

All features previously hidden behind those feature flags were enabled by default.

Breaking changes to the Java API

In this release, we've removed several deprecated methods and classes. Additionally, we’ve made adjustments to a group of methods which involved modifying the signatures and return types.

See the full list of changes

Here’s what’s been changed:

Classes

Changed symbols

Instructions

com.atlassian.jira.issue.customfields.CustomFieldType

#getNonnullCustomFieldProvider() removed.

Use #getNonNullCustomFieldProvider() instead.

  • com.atlassian.jira.issue.customfields.vdi.NonNullCustomFieldProvider

  • com.atlassian.jira.issue.customfields.DefaultNonNullCustomFieldProvider

#getCustomFieldInfo(com.atlassian.jira.issue.Issue) removed.

Use #getCustomFieldInfo(java.util.List issues) instead.
You now need to implement #getCustomFieldInfo(java.util.List<com.atlassian.jira.issue.Issue> issues) in every class you were previously implementing #getCustomFieldInfo(com.atlassian.jira.issue.Issue issue).

  • com.atlassian.jira.issue.customfields.NonnullCustomFieldProvider

  • com.atlassian.jira.issue.customfields.persistence.DefaultNonnullCustomFieldProvider

  • com.atlassian.jira.issue.customfields.CustomFieldPrefetchedData

Whole classes removed.

Use com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData instead.

  • com.atlassian.jira.issue.index.indexers.FieldIndexer

  • com.atlassian.jira.issue.index.indexers.impl.AbstractCustomFieldIndexer

  • com.atlassian.jira.issue.customfields.impl.TextCFType

#addIndex(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.CustomFieldPrefetchedData) removed.

Use #addIndex(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData) instead.

com.atlassian.jira.issue.index.indexers.impl.AbstractCustomFieldIndexer

#addDocumentFieldsNotSearchable(org.apache.lucene.document.Document doc, com.atlassian.jira.issue.Issue issue, com.atlassian.jira.issue.customfields.CustomFieldPrefetchedData prefetchedData) removed.

Use #addDocumentFieldsNotSearchable(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData) instead.

com.atlassian.jira.issue.index.indexers.impl.AbstractCustomFieldIndexer

#addDocumentFieldsSearchable(org.apache.lucene.document.Document doc, com.atlassian.jira.issue.Issue issue, com.atlassian.jira.issue.customfields.CustomFieldPrefetchedData prefetchedData) removed.

Use #addDocumentFieldsSearchable(org.apache.lucene.document.Document, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.customfields.vdi.CustomFieldPrefetchedData) instead.

com.atlassian.jira.bc.user.search.UserSearchParams

All public constructors removed.

Use UserSearchParams.Builder to construct an instance of UserSearchParams instead of using the constructor.

com.atlassian.jira.bc.user.search.UserSearchParams

#builder() behavior changed.

The behavior of this method changed, it was left for convenience. It now mirrors the behavior of UserSearchParams.builder(MAXIMUM_RESULTS).

com.atlassian.jira.util.collect.CollectionUtil

#filter(Collection<T>, Predicate<? super T>) removed.

Use standard Stream#filter(Predicate<?>) and appropriate Stream#collect(...) call.

com.atlassian.jira.security.GlobalPermissionEntry

#getGlobalPermissionType() removed.

Use #getPermissionKey() instead.

com.atlassian.jira.security.JiraAuthenticationContext

#getI18nBean() removed.

Use #getI18nHelper() instead.

com.atlassian.jira.security.JiraAuthenticationContext

#getText(java.lang.String) removed.

Use #getText() method on #getI18nHelper().

com.atlassian.jira.sharing.ShareManager

#hasPermission(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.sharing.SharedEntity) removed.

Use #isSharedWith(com.atlassian.crowd.embedded.api.User, SharedEntity) to get the same logic. Permission checks should be done in the service layer according to this information.

com.atlassian.jira.user.preferences.JiraUserPreferences

Whole class removed from public API.

You should not construct user preferences directly. Request them through the UserPreferencesManager instead.

com.atlassian.jira.util.collect.MapBuilder

#toFastMap() removed.

Use ImmutableMap directly instead.

com.atlassian.jira.util.collect.MapBuilder

#toImmutableMap() removed.

Use #toMap() instead, or consider using ImmutableMap if the map doesn't need to accept nulls.

com.atlassian.jira.util.index.Contexts

#nullContext() removed.

Use com.atlassian.jira.task.context.Contexts#nullContext() instead.

com.atlassian.jira.util.JiraDurationUtils

#onClearCache(com.atlassian.jira.event.ClearCacheEvent) removed.

Use the DurationFormatChanged event instead.

com.atlassian.jira.util.JiraDurationUtils

#start() removed.

No replacement.

com.atlassian.jira.web.action.issue.IssueCreationHelperBean

#getProvidedFieldNames(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue) removed.

Avoid using IssueCreationHelperBean class as it’ll be removed. Before it happens, use #getProvidedFieldNames(com.atlassian.jira.issue.Issue) instead.

com.atlassian.jira.web.bean.MultiBulkMoveBean

#setTargetProject(org.ofbiz.core.entity.GenericValue) removed.

Use #setTargetProject(com.atlassian.jira.project.Project) instead.

com.atlassian.jira.web.util.HelpUtil.HelpPath

#getSimpleUrl() removed.

Use #getUrl() instead.

com.atlassian.jira.web.util.OutlookDate

  • #format()
  • #getDateTimePickerFormatSample(java.util.Date)

removed.

Use com.atlassian.jira.datetime.DateTimeFormatter#format(java.util.Date) instead.

com.atlassian.jira.web.util.OutlookDate

  • #getCompleteDateFormat()
  • #getDatePickerFormat()
  • #getDateTimePickerFormat()

removed.

Use com.atlassian.jira.datetime.DateTimeFormatter#getFormatHint() instead.

com.atlassian.jira.web.util.OutlookDate

#getNow() removed.

Use java.util.Date#Date() instead.

com.atlassian.jira.permission.SchemePermissions

Whole class removed.

Use com.atlassian.jira.security.PermissionManager instead.

com.atlassian.jira.permission.Permission

Whole class removed.

Use com.atlassian.jira.security.PermissionManager or com.atlassian.jira.security.GlobalPermissionManager instead.

com.atlassian.jira.issue.attachment.AttachmentZipKit

Whole class removed.

Use com.atlassian.jira.issue.AttachmentIndexManager instead.

com.atlassian.jira.util.NotNull (annotation)

Whole class removed.

Use javax.annotation.Nonnull instead.

com.atlassian.jira.security.PermissionManager including its subclasses:

  • com.atlassian.jira.security.PublicAccessPermissionManager
  • com.atlassian.jira.security.ApplicationRequiredPermissionManager
  • com.atlassian.jira.security.DefaultPermissionManager
  • com.atlassian.jira.security.SubvertedPermissionManager
  • getProjects(int, com.atlassian.jira.user.ApplicationUser)
  • getProjects(int permissionId, ApplicationUser user, ProjectCategory projectCategory)

removed.

Use supported getProjects method, for example:

  • com.atlassian.jira.security.PermissionManager#getProjects(com.atlassian.jira.security.plugin.ProjectPermissionKey, com.atlassian.jira.user.ApplicationUser)

  • com.atlassian.jira.security.PermissionManager#getProjects(com.atlassian.jira.security.plugin.ProjectPermissionKey, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.ProjectCategory)

com.atlassian.jira.help.HelpUrlsParser

  • #defaultUrl(String, String)
  • #onDemand(boolean)

removed.

Use com.atlassian.jira.help.HelpUrlsParserBuilderFactory to construct new HelpUrlsParse instance.

com.atlassian.jira.imports.project.mapper.ProjectImportIdMapper

#getValuesFromImport() removed.

Use #getRegisteredOldIds() (and #getKey() if needed) instead.

com.atlassian.jira.imports.project.mapper.ProjectRoleActorMapper

#getAllProjectRoleActors() removed.

Use the properly typed method #getProjectRoleActors() instead.

com.atlassian.jira.issue.comments.CommentManager

#getProjectRole(java.lang.Long) removed.

Use com.atlassian.jira.security.roles.ProjectRoleManager#getProjectRole(Long) instead.

com.atlassian.jira.issue.fields.layout.field.FieldLayoutStorageException

Whole class removed.

No replacement

com.atlassian.jira.issue.fields.rest.json.CommentBeanFactory

#createRenderedBean(com.atlassian.jira.issue.comments.Comment) removed.

Use #createRenderedBean(com.atlassian.jira.issue.comments.Comment, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.util.EmailFormatter) instead.

com.atlassian.jira.issue.index.ReindexAllCompletedEvent

  • #shouldUpdateReplicatedIndex()
  • #ReindexAllCompletedEvent(long)
  • #ReindexAllCompletedEvent(long, boolean, boolean)

removed.

Use #shouldNotifyCluster() instead.

Do not construct internal ReindexAllCompletedEvent class.

com.atlassian.jira.issue.index.ReindexAllStartedEvent

  • #shouldUpdateReplicatedIndex()
  • #ReindexAllStartedEvent()
  • #ReindexAllStartedEvent(boolean, boolean)
  • #ReindexAllStartedEvent(boolean, boolean, com.atlassian.jira.issue.index.IssueIndexingParams, com.atlassian.jira.config.ReindexMessage)

removed.

Use #shouldNotifyCluster() instead.

Don't construct internal ReindexAllStartedEvent class.

com.atlassian.jira.bc.project.version.VersionService

#delete(JiraServiceContext, ValidationResult) removed.

Use com.atlassian.jira.bc.project.version.VersionService#deleteVersionAndSwap instead.

com.atlassian.jira.bc.project.version.VersionService

#deleteVersion(ApplicationUser, Version, Option<Version>, Option<Version>) removed.

Use com.atlassian.jira.project.version.VersionManager#deleteVersionAndSwap instead.

com.atlassian.jira.bc.license.JiraLicenseService.ValidationResult

#getLicenseVersion() removed.

Use #getLicenseDetails().getLicenseVersion() instead.

com.atlassian.jira.bc.license.JiraLicenseService.ValidationResult

#getTotalUserCount() removed.

Use one of the following:

  • com.atlassian.jira.application.ApplicationAuthorizationService#getUserCount(ApplicationKey)

  • com.atlassian.jira.user.util.UserManager#getTotalUserCount()

com.atlassian.jira.bc.portal.PortalPageService

#updatePortalPageUnconditionally(com.atlassian.jira.bc.JiraServiceContext, com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.portal.PortalPage) removed.

Use one of the following:

  • #updatePortalPageOwner

  • #updatePortalPage

  • PortalPageManager#update

com.atlassian.jira.bc.project.version.VersionService

  • #validateVersionDetails(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.version.Version, java.lang.String, java.lang.String)
  • #validateReleaseDate(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.project.version.Version, java.lang.String)

removed.

Use #validateUpdate(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.bc.project.version.VersionService.VersionBuilder) instead.

com.atlassian.jira.bc.user.UserService

#validateRemoveUserFromApplication(com.atlassian.jira.user.ApplicationUser, com.atlassian.application.api.ApplicationKey) removed.

Use #validateRemoveUserFromApplication(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.user.ApplicationUser,com.atlassian.application.api.ApplicationKey) instead.

com.atlassian.jira.bc.customfield.CustomFieldDefinition

#CustomFieldDefinition() removed.

Use #builder() to construct the instance.

com.atlassian.jira.bc.issue.comment.CommentService

  • #isGroupVisiblityEnabled() renamed to #isGroupVisibilityEnabled()
  • #isProjectVisiblityEnabled() renamed to #isProjectRoleVisibilityEnabled()

removed.

Use method with the visiblity typo corrected to visibility.

com.atlassian.jira.bc.issue.comment.CommentService

#isValidCommentData(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue, java.lang.String, java.lang.String, com.atlassian.jira.util.ErrorCollection) removed.

Use
#isValidCommentVisibility(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.Issue, com.atlassian.jira.bc.issue.visibility.Visibility, com.atlassian.jira.util.ErrorCollection) instead.

com.atlassian.jira.bc.issue.comment.CommentService.CommentParameters

  • #getGroupLevel()
  • #getRoleLevelId()

removed.

Use the #getVisibility() method returning Visibility instance. Example of use that returns io.atlassian.fugue.Option<String> instance with appropriate group level value:
#getVisibility().accept(VisibilityVisitors.returningGroupLevelVisitor())

com.atlassian.jira.bc.issue.util.VisibilityValidator

  • #isProjectRoleVisiblityEnabled() renamed to #isProjectRoleVisibilityEnabled()
  • isGroupVisiblityEnabled() renamed to #isGroupVisibilityEnabled()

removed.

Use methods with the visiblity typo corrected to visibility.

com.atlassian.jira.bc.issue.util.VisibilityValidator

#isValidVisibilityData(com.atlassian.jira.bc.JiraServiceContext, java.lang.String, com.atlassian.jira.issue.Issue, java.lang.String, java.lang.String) removed.

Use #isValidVisibilityData(com.atlassian.jira.bc.JiraServiceContext, String, com.atlassian.jira.issue.Issue, com.atlassian.jira.bc.issue.visibility.Visibility) instead.

  • com.atlassian.jira.bc.issue.worklog.WorklogInputParameters
  • com.atlassian.jira.bc.issue.worklog.WorklogInputParametersImpl
  • #getGroupLevel()
  • #getRoleLevelId()

removed.

Use the #getVisibility() method returning Visibility instance.

Example of use that returns io.atlassian.fugue.Option<String> instance with appropriate group level value:
#getVisibility().accept(VisibilityVisitors.returningGroupLevelVisitor())

com.atlassian.jira.bulkedit.BulkOperationManager

#getBulkOperations() removed.

Use #getProgressAwareBulkOperations() instead.

com.atlassian.jira.bulkedit.BulkOperationManager

#addBulkOperation(String, Class) removed.

Use #addProgressAwareBulkOperation(String, Class) instead.

com.atlassian.jira.bulkedit.BulkOperationManager

#getOperation(String) removed.

Use #getProgressAwareOperation(String) instead.

com.atlassian.jira.bulkedit.operation.BulkOperation

Whole class removed.

Use com.atlassian.jira.bulkedit.operation.ProgressAwareBulkOperation instead.

com.atlassian.jira.config.ConstantsManager

#storeIssueTypes(java.util.List<org.ofbiz.core.entity.GenericValue>) removed.

Use #updateIssueType(String, String, Long, String, String, Long) or recalculateIssueTypeSequencesAndStore(java.util.List) instead.

com.atlassian.jira.config.properties.LookAndFeelBean

#getVersion() removed.

Use #getSettingsHash() to get the state of Look and feel.

com.atlassian.jira.config.properties.LookAndFeelBean

#updateVersion(long) removed.

Use #updateSettingsHash() instead.

com.atlassian.jira.config.SubTaskManager

#insertSubTaskIssueType(java.lang.String, java.lang.Long, java.lang.String, java.lang.String) removed.

Use #insertSubTaskIssueType(String,Long,String,Long) instead.

com.atlassian.jira.config.SubTaskManager

#updateSubTaskIssueType(java.lang.String, java.lang.String, java.lang.Long, java.lang.String, java.lang.String) removed.

Use #updateSubTaskIssueType(String,String,Long,String,Long) instead.

  • com.atlassian.jira.event.issue.IssueWatcherAddedEvent
  • com.atlassian.jira.event.issue.IssueWatcherDeletedEvent

#getUser() removed.

Use #getApplicationUser() instead

com.atlassian.jira.event.mail.EmailQueueFlashedEvent

Whole class removed.

Use #com.atlassian.jira.event.mail.EmailQueueFlushedEvent instead.

Deprecated audit API code:

  • com.atlassian.jira.auditing.AssociatedItem
  • com.atlassian.jira.auditing.ChangedValue
  • com.atlassian.jira.auditing.AuditingCategory
  • com.atlassian.jira.auditing.AuditingFilter
  • com.atlassian.jira.auditing.RecordRequest
  • com.atlassian.jira.auditing.AuditRecord

Whole classes removed from public API.

Use the following API code instead:

  • com.atlassian.audit.entity.AuditResource
  • com.atlassian.audit.entity.ChangedValue
  • com.atlassian.jira.auditing.AuditCategory
  • com.atlassian.audit.api.AuditQuery
  • com.atlassian.audit.entity.AuditEvent
  • com.atlassian.audit.entity.AuditEntity

For more details, refer to the migration guide.

  • com.atlassian.jira.bc.whitelist.WhitelistService
  • com.atlassian.jira.bc.whitelist.WhitelistManager

Whole classes removed.

Use com.atlassian.plugins.whitelist.WhitelistService and com.atlassian.plugins.whitelist.OutboundWhitelist instead.

  • com.atlassian.jira.issue.search.managers.IssueSearcherManager
  • com.atlassian.jira.issue.search.managers.SearchHandlerManager

#getSearcherGroups(com.atlassian.jira.issue.search.SearchContext) removed.

Use #getSearcherGroups() instead.

com.atlassian.jira.issue.search.managers.SearchHandlerManager

#getSearchersByClauseName(com.atlassian.jira.user.ApplicationUser, java.lang.String, com.atlassian.jira.issue.search.SearchContext) removed.

Use #getSearchersByClauseName(com.atlassian.crowd.embedded.api.User,String) instead.

com.atlassian.jira.issue.search.searchers.util.IndexedInputHelper

#getAllIndexValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.search.ClauseNames, com.atlassian.query.Query, com.atlassian.jira.issue.search.SearchContext) removed.

Use #getAllIndexValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser,com.atlassian.jira.issue.search.ClauseNames,com.atlassian.query.Query) instead.

com.atlassian.jira.issue.search.searchers.util.IndexedInputHelper

#getAllNavigatorValuesForMatchingClauses(com.atlassian.jira.user.ApplicationUser, com.atlassian.jira.issue.search.ClauseNames, com.atlassian.query.Query, com.atlassian.jira.issue.search.SearchContext) removed.

Use #getAllNavigatorValuesForMatchingClauses(ApplicationUser,com.atlassian.jira.issue.search.ClauseNames,com.atlassian.query.Query) instead.

com.atlassian.jira.issue.util.IssueUpdateBean

#getUser() removed.

Use #getApplicationUser() instead.

com.atlassian.jira.jql.query.AbstractLocalDateOperatorQueryFactory

Whole class removed.

Use com.atlassian.jira.jql.util.JqlLocalDateSupport#getLocalDatesFromQueryLiterals(java.util.List) instead.

com.atlassian.jira.jql.util.JqlIssueSupport

#getIssues(java.lang.String) removed.

Use #getIssue(java.lang.String) instead.

com.atlassian.jira.jql.util.JqlIssueSupport

#getIssues(java.lang.String, com.atlassian.jira.user.ApplicationUser) removed.

Use #getIssue(java.lang.String,com.atlassian.jira.user.ApplicationUser) instead.

com.atlassian.jira.license.LicenseDetails

#getLicenseStatusMessage(com.atlassian.jira.user.ApplicationUser, java.lang.String, com.atlassian.jira.user.util.UserManager)

#getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper, com.atlassian.jira.web.util.OutlookDate, java.lang.String, com.atlassian.jira.user.util.UserManager) removed.

Use #getLicenseStatusMessage(com.atlassian.jira.util.I18nHelper,UserManager) instead.

com.atlassian.jira.license.LicenseDetails

#isLicenseAlmostExpired() removed.

Use #getMaintenanceExpiryDate instead.

com.atlassian.jira.mention.MentionService

#sendCommentMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.comments.Comment, com.atlassian.jira.issue.comments.Comment) removed.

Use #sendCommentMentions(Set,ApplicationUser,Comment,Comment) instead.

com.atlassian.jira.mention.MentionService

#sendIssueCreateMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.Issue) removed.

Use #sendIssueCreateMentions(Set,ApplicationUser,Issue) instead.

com.atlassian.jira.mention.MentionService

#sendIssueEditMentions(com.atlassian.jira.user.ApplicationUser, java.util.Set<com.atlassian.jira.notification.NotificationRecipient>, com.atlassian.jira.issue.Issue, com.atlassian.jira.issue.comments.Comment) removed.

Use #sendIssueEditMentions(Set,ApplicationUser,Issue,Comment) instead.

com.atlassian.jira.permission.PermissionSchemeManager

#getEntitiesByType(org.ofbiz.core.entity.GenericValue, com.atlassian.jira.security.plugin.ProjectPermissionKey, java.lang.String) removed.

Use #getPermissionSchemeEntries(long,com.atlassian.jira.security.plugin.ProjectPermissionKey,String) instead.

com.atlassian.jira.permission.PermissionSchemeManager

#getGroups(java.lang.Long, com.atlassian.jira.project.Project) removed.

Use #getGroups(ProjectPermissionKey,Project) instead.

com.atlassian.jira.plugin.keyboardshortcut.KeyboardShortcutManager

#getActiveShortcuts() removed.

Use #listActiveShortcutsUniquePerContext instead.

com.atlassian.jira.plugin.webfragment.conditions.AbstractJiraPermissionCondition

Whole class removed.

Use AbstractPermissionCondition instead.

com.atlassian.jira.plugin.webfragment.conditions.AbstractPermissionCondition

Whole class removed.

Use AbstractProjectPermissionCondition instead.

com.atlassian.jira.project.type.ProjectTypesEnabledCondition

Whole class removed.

No replacement.

com.atlassian.jira.issue.table.IssueTable provided by jira-api

Whole class removed.

Use com.atlassian.jira.issue.table.IssueTable provided by jira-issue-nav-plugin instead.

com.atlassian.jira.rest.Dates.DateAdapter

com.atlassian.jira.rest.Dates.DateTimeAdapter

Whole classes removed.

For marshalling and unmarshalling, use the Jackson-friendly serializers and deserializers:

@JsonSerialize(using = Dates.DateSerializer.class)

@JsonDeserialize(using = Dates.DateDeserializer.class)

com.atlassian.jira.rest.v2.issue.project.ProjectRoleBean

Whole classes removed.

Use com.atlassian.jira.rest.api.project.ProjectRoleBean instead.

com.atlassian.jira.rest.v2.issue.project.RoleActorBean

Whole classes removed.

Use com.atlassian.jira.rest.api.project.RoleActorBean instead.

com.atlassian.jira.rest.v1.model.ValueCollection

Whole classes removed.

No replacement.

com.atlassian.jira.testkit.client.restclient.Response provided by jira-testkit-client

The class has been deprecated.

Use com.atlassian.jira.testkit.client.restclient.ParsedResponse instead.

com.atlassian.jira.testkit.client.RestApiClient

#toResponse() accepts RestCall functional interface.

Use new RestCall interface or lambda in place of Method interface.

com.atlassian.jira.avatar.AvatarManager

#getAvatarBaseDirectory removed.

Use #readAvatarData() to access avatar data directly.

com.atlassian.jira.util.AttachmentConfig

Whole classes removed.

Use AttachmentConfigManager#getTemporaryAttachmentDirectory() instead.

com.atlassian.jira.issue.attachment.AttachmentStore

Whole classes removed.

Use alternative methods provided by:

AttachmentManager

ThumbnailManager

AttachmentConfigManager

com.atlassian.jira.util.AttachmentUtils

Whole classes removed.

To create, read, or delete attachment and thumbnail data directly, use the methods available in AttachmentManager and ThumbnailManager.

To find the temporary attachment directory, use AttachmentConfigManager#getTemporaryAttachmentDirectory().

The attachment and thumbnail directories for a particular issue are no longer exposed. Instead, use:

getThumbnailDirectory()

getAttachmentDirectory().

To manage individual attachments or store other data elsewhere, use:

AttachmentManager

ThumbnailManager.

getAttachmentStore() - AttachmentStore has been removed.

Instead of getTemporaryAttachmentDirectory(), use AttachmentConfigManager#getTemporaryAttachmentDirectory().

Instead of getAttachmentFile and getThumbnailFile methods, use AttachmentManager and ThumbnalManager. For example AttachmentManager#streamAttachmentContent.

The following checks can be omitted: checkValidAttachmentDirectory and checkValidTemporaryAttachmentDirectory. Jira checks the validity of paths during startup.

AttachmentManager

#attachmentsEnabled() removed.

Use AttachmentConfigManager#isAttachmentsEnabled() instead.

AttachmentManager

#disableAttachments() removed.

No replacement.

AttachmentManager

#createAttachmentCopySourceFile and previously deprecated overloads of #createAttachment removed.

Use #createAttachment(CreateAttachmentParamsBean) instead.

com.atlassian.jira.issue.attachment.CreateAttachmentParamsBean

#CreateAttachmentParamsBean removed.

Use the provided builder
com.atlassian.jira.issue.attachment.CreateAttachmentParamsBean.Builder instead.

AttachmentManager

#deleteAttachmentDirectory(Issue) removed.

To delete an issue, use IssueManager#deleteIssue instead.

com.atlassian.jira.issue.IssueInputParameters

#addProperty(String propertyKey, JsonNode propertyValue) changed to #addProperty(String propertyKey, String propertyValue).

#properties() now returns Map<String, String> instead of Map<String, JsonNode>

Serialize the value before passing to the method and deserialize after reading it.

com.atlassian.jira.issue.UpdateIssueRequest

#getProperties() now returns Map<String, String> instead of Map<String, JsonNode>

#UpdateIssueRequestBuilder#issueProperties now accepts Map<String, String>

Serialize the value before passing to the method and deserialize after reading it.

com.atlassian.jira.issue.util.IssueUpdateBean

#getProperties now returns Map<String, String>

#addProperties now accepts Map<String, String>

Serialize the value before passing to the method and deserialize after reading it.

com.atlassian.jira.bc.issue.IssueService.CreateValidationResult

constructor now accepts Map<String, String>

#getProperties now returns Map<String, String>

Serialize the value before passing to the method and deserialize after reading it.

com.atlassian.jira.bc.issue.IssueService.UpdateValidationResult

constructor now accepts Map<String, String>

#getProperties now returns Map<String, String>

Serialize the value before passing to the method and deserialize after reading it.

com.atlassian.configurable.ObjectConfigurationFactory

#loadObjectConfigurationFromElement now accepts com.atlassian.plugin.module.Element instead of org.dom4j.Element

Use the new type in method calls.

com.atlassian.jira.issue.fields.rest.IssueFinderV2

#findIssue(String) now returns io.atlassian.fugue.Either instead of com.atlassian.fugue.Either

Replaced class is equivalent.

com.atlassian.jira.config.util
AttachmentPathManager

Whole class removed.

Use the methods available in AttachmentManager to create/read/delete attachment data directly. For the settings related methods, use the new endpoints provided in AttachmentConfigManager.

com.atlassian.jira.testkit.client.AttachmentsControl

com.atlassian.jira.testkit.plugin.AttachmentsBackdoor)

Whole classes removed.

Use com.atlassian.jira.functest.framework.backdoor.AttachmentFileControl in jira-func-tests (which requires the jira-func-test-plugin to be installed). It provides storage-agnostic alternative methods to allow copying and clearing attachments.

com.atlassian.jira.bc.dataimport.DataImportParams


#isUseDefaultPaths

Builder#setUseDefaultPaths

This option is no longer supported.

com.atlassian.jira.web.action.JiraWebActionSupport

The class is now abstract.

Extend the class to provide your implementation.

Breaking changes to the REST API

In this release, we’ve removed a set of REST API endpoints that have been deprecated since Jira Software 9.x.

See the full list of changes

Here’s what’s been changed:

Change

Instructions

Removed private endpoint POST /api/1.0/user/{username}/avatar/{avatarid} provided by com.atlassian.jira.rest.v1.users.UserResource

Use PUT /rest/api/2/user/avatar provided by com.atlassian.jira.rest.v2.issue.UserResource#updateUserAvatar instead.

Removed private endpoint GET globalconfig/1/issuecustomfields/{issue} provided by com.atlassian.jira.projectconfig.rest.global.IssueCustomFieldsResource#getAffectedProjects

No replacement.

Removed private endpoint POST globalconfig/1/customfieldoptions/{customFieldId}/ provided by com.atlassian.jira.projectconfig.rest.global.CustomFieldOptionsResource#setOptions

Use POST globalconfig/1/customfieldoptions/{customFieldId}/setOptions provided by com.atlassian.jira.projectconfig.rest.global.CustomFieldOptionsResource#setOptionsForCustomField instead.

/greenhopper/1.0/api/sprints/{sprintId}/remotelink provided by com.atlassian.greenhopper.web.api.RemoteSprintLinkResource#createOrUpdateRemoteSprintLink

Use greenhopper/1.0/api/sprints/{sprintId}/remotelinkchecked provided by com.atlassian.greenhopper.web.api.RemoteSprintLinkResource#createRemoteSprintLinkChecked instead.

Removed public endpoints:

  • GET /rest/api/2/auditing/record

  • POST /rest/api/2/auditing/record

Use the following endpoints instead:

  • GET /rest/auditing/1.0/events

  • GET /rest/auditing/1.0/configuration/coverage

  • GET /rest/auditing/1.0/configuration/retention

  • GET /rest/auditing/1.0/configuration/retention/file

Removed public endpoint GET /rest/api/2/group provided by com.atlassian.jira.rest.v2.issue.GroupResource#getGroup

Use GET /rest/api/2/group/member provided by com.atlassian.jira.rest.v2.issue.GroupResource#getUsersFromGroup.

Removed public endpoint DELETE /rest/api/2/version/{id} provided by com.atlassian.jira.rest.v2.issue.VersionResource#delete(java.lang.String, java.lang.String, java.lang.String)

Use POST /rest/api/2/version/{id}/removeAndSwap provided by com.atlassian.jira.rest.v2.issue.VersionResource#delete(String, DeleteAndReplaceVersionBean).

Note that the replacement endpoint doesn't publish the jira:version_merged webhook event.

JIRA SERVICE MANAGEMENT Removed GET /servicedeskapi/queues/{projectKey}

Use GET /servicedeskapi/admin/queues/{projectKey} instead.

JIRA SERVICE MANAGEMENT Removed PUT /servicedeskapi/queues/include-count

Use PUT /servicedeskapi/admin/queues/include-count instead.

JIRA SERVICE MANAGEMENT Removed PUT /servicedeskapi/queues/{projectKey}/include-count


Use PUT /servicedeskapi/admin/queues/{projectKey}/include-count instead.

JIRA SERVICE MANAGEMENT Removed PUT /servicedeskapi/queues/cache-count

Use PUT /servicedeskapi/admin/queues/cache-count instead.

JIRA SERVICE MANAGEMENTRemoved PUT /servicedeskapi/queues/{projectKey}/cache-count

Use PUT /servicedeskapi/admin/queues/{projectKey}/cache-count instead.

The GET rest/api/2/serverInfo endpoint no longer supports the doHealthCheck parameter and does not include the healthChecks field in the response.

Use jira-healthcheck-plugin instead.

Removed GET rest/api/1.0/endpoint

No replacement.

Removal of dependencies

In this release, we’ve removed access to a number of dependencies.

See the full list of changes

Here’s what’s been changed:

Dependency

Java packages

nekohtml:nekohtml

org.cyberneko.html
org.cyberneko.html.*

commons-validator:commons-validator

org.apache.commons.validator
org.apache.commons.validator.*

com.atlassian.scala.plugins:scala-2.11-provider-plugin

scala.*

com.atlassian.scala.plugins:scala-2.10-provider-plugin

scala.*

com.atlassian.scala.plugins:jackson-module-scala-2.10-provider-plugin

com.fasterxml.jackson.module.scala2_10

io.atlassian.fugue:fugue-scala

io.atlassian.fugue.converters

commons-daemon:commons-daemon

org.apache.commons.daemon.*

org.apache.tomcat:tomcat-coyote

org.apache.coyote.*

commons-el:commons-el

org.apache.commons.el.*

org.apache.tomcat:tomcat-jasper

org.apache.jasper.*

org.apache.tomcat:tomcat-juli

org.apache.juli
org.apache.juli.logging

org.apache.tomcat:*

org.apache.tomcat
org.apache.catalina

org.apache.tika:tika-core
org.apache.tika:tika-*

org.apache.tika
org.apache.tika.*

org.apache.xmlgraphics:batik-transcoder
org.apache.xmlgraphics:batik-codec
org.apache.xmlgraphics:batik-js
org.apache.xmlgraphics:batik-svggen
org.apache.xmlgraphics:fop

org.apache.batik
org.apache.batik.*

com.querydsl:querydsl-core
com.querydsl:querydsl-sql

com.mysema.commons.lang
com.querydsl.core
com.querydsl.core.*

commons-configuration:commons-configuration

org.apache.commons.configuration
org.apache.commons.configuration.beanutils

org.apache.commons:commons-collections4

org.apache.commons.collections4

com.thoughtworks.xstream:xstream

com.thoughtworks.xstream
com.thoughtworks.xstream.*

org.apache.commons:commons-dbcp2

org.apache.commons.dbcp2
org.apache.commons.dbcp2.cpdsadapter
org.apache.commons.dbcp2.datasources
org.apache.commons.dbcp2.managed

com.sun.syndication:com.springsource.com.sun.syndication

com.sun.syndication.feed.*
com.sun.syndication.io.*

rome:rome

com.sun.syndication.feed.*
com.sun.syndication.io.*

commons-discovery:commons-discovery

org.apache.commons.discover.jdk
org.apache.commons.discovery.*

commons-jexl:commons-jexl

org.apache.commons.jexl.*

commons-jrcs:commons-jrcs

org.apache.commons.jrcs.*

com.github.rholder:guava-retrying

com.github.rholder.retry.*

org.dom4j:dom4j

org.dom4j.*

opensymphony:sitemesh

com.opensymphony.module.*
com.opensymphony.sitemesh.*

org.jdom:jdom

org.jdom.*

commons-pool:commons-pool

org.apache.commons.pool.*

org.tuckey:urlrewritefilter

org.tuckey.web.filters.urlrewrite.*

org.springframework.security:spring-security-core

org.springframework.security.*

com.atlassian.p4package:atlassian-p4package

com.perforce.api

commons-beanutils:commons-beanutils

org.apache.commons.beanutils
org.apache.commons.beanutils.*

org.apache.commons:comons-compress

org.apache.commons.compress
org.apache.commons.compress.*

com.sun:jai_core

com.sun.media.jai.*
javax.media.jai
javax.media.jai.*

com.sun:jai_codec

com.sun.media.jai.*

wsdl4j:wsdl4j

com.ibm.wsdl
com.ibm.wsdl.*
javax.wsdl
javax.wsdl.*

com.atlassian.fugue:fugue

com.atlassian.fugue.*

org.dom4j:dom4j

org.dom4j.*

Removal of binary installers

Starting from Jira 10.0, the .bin and .exe installers will no longer be available. You can still install Jira using the .zip and .tar.gz distributions.

Because of this change, Java is no longer bundled with Jira. Install Java manually

Jira Software and Jira Core dialogs migrated to AUI Dialog 2

This is still a work in progress. You can expect to see the full removal of AUI Dialog 1 from the Jira codebase by the upcoming LTS release.

Jira Software and Jira Core currently stand with significant majority of the components migrated to use AUI Dialog 2. AUI Dialog 1 will be removed from Jira completely by the upcoming LTS release. If your app uses that component, make sure to migrate to AUI Dialog 2.

Application Links compatibility

Starting from Jira 10.0, Application Links are only backward-compatible with products that have integrated a particular bug fix addressing incorrect Application Links version parsing. To enable Application Links to function properly, make sure to upgrade any other Atlassian products to a minimum supported version:

Jira Software

Jira Service Management

Confluence

Bitbucket

Bamboo

Crowd

Fisheye and Crucible

  • 9.4.24

  • 9.12.12

  • 9.17.1

  • 10.0.0

  • 5.4.24

  • 5.12.12

  • 5.17.1

  • 10.0.0

  • 7.19.25

  • 8.5.12

  • 8.9.4

  • 9.0.0

  • 8.9.15

  • 8.19.4

  • 9.0.0

  • 9.2.15

  • 9.6.3

  • 10.0.0

  • 5.11.1

  • 5.2.6

  • 5.3.2

  • 6.0.0

  • 4.8.6

  • 4.9.0

Velocity path traversal prevention and allowlisting

We've upgraded Velocity to the Atlassian fork to implement path traversal prevention and allowlisting. The path traversal mechanism will escape any method call which contains parameter with path traversal symbols like ../. The method call will appear as a string on the front-end side.

Velocity template method invocations are now restricted to an allowlist. Unauthorized invocations will trigger a log warning and will be blocked to mitigate Server-Side Template Injection (SSTI) vulnerabilities. The global method allowlists encompass JDK and Atlassian class methods. Apps have the option to define their own allowlist using the module descriptor which will complement the global allowlist. We recommend that apps only expose immutable Data Transfer Objects (DTOs) and refrain from invoking application services or beans from templates.

Furthermore, all Velocity template files residing on the file system must be both allowlisted and of an allowlisted file type. This serves as a basic defense against attacks that combine file system access with a request to achieve remote code execution.

For now, the Velocity method allowlist is in debug mode so that app developers can adjust to this mechanism and for us to complete the main allowlist and minimize the risk of issues. The debug mode will be disabled at the earliest in the upcoming LTS.

Updates to database schema

We’ve updated the created column in the changegroup, jiraissue, and jiraaction tables to support millisecond precision. This change affects Oracle and MySQL databases only. No action is required—the schema will be automatically migrated upon restart.

Removal of the jira-func-tests-legacy module

We’ve removed the deprecated com.atlassian.jira:jira-func-tests-legacy module. Migrate your code from BaseJIRAWebTest (JUnit 3) to FuncTestCase (JUnit 4+).

Disabling the runtime JavaServer Pages compilation

JavaServer Pages (JSP) runtime compilation will be disabled in Jira Software 10.0. JSP files added to the Tomcat directory that aren't shipped with the product won’t be served. Furthermore, no modifications to the JSP files will be reflected. We recommend using Soy or Velocity templates instead.

Custom JSPs are blocked unless loaded by an action

We’ve blocked direct requests to JSP files. JSP files can now be only loaded when requested by an action.

Unbundling of atlassian-frontend-runtime-plugin

We’ve unbundled the atlassian-frontend-runtime-plugin provided common polyfills and the regenerator-runtime web resource. Since none of the supported browsers need these polyfills any longer and the plugin has been deprecated since Jira Software 9.2.0, we’ve removed it in Jira Software 10.0.

If your code is still using any web resources from this plugin, the following warnings may appear in your Jira logs:

This webresource is empty! All supported browsers no longer need these polyfills. Please remove your dependency on the "atlassian-frontend-runtime-plugin".

or

This webresource is deprecated and will soon be removed! All supported browsers no longer need the runtime. Please rebuild your sources without expecting the "regenerator-runtime" to be available.

The former babel-polyfill, core-js, custom-elements-v1, fetch, and focus-visible were already empty web resources, while the regenerator-runtime was still provided.

Deprecation of jquery-migrate 1.x

We’re upgrading jQuery and as part of that effort, we’ve deprecated jquery-migrate 1.x in Jira Software 10.0 and removed it from the superbatch Web Resource.

While jquery-migrate can still be loaded using certain Web Resource Keys (such as com.atlassian.plugins.jquery:jquery or com.atlassian.plugins.jquery:jquery-migrate), we advise against this.

For more information on the deprecation of jquery-migrate 1.x, visit the jQuery upgrade guide. For queries about jquery-migrate 1.x warnings, refer to jQuery migrate warnings. For future jQuery updates, refer to the 3.0 and 3.5 upgrade guides.

Centralized dependency management

Centralized dependency management in Jira Software 10 introduces a set of Maven POM files known as a Bill of Materials (BOM) which list the dependencies available to third-party apps.

This system aims to streamline responding to security threats and enhance efficiency of developing for Jira by ensuring that dependencies are uniform and up to date. This approach minimizes runtime errors such as NoSuchMethodException and allows for quicker responses to security vulnerabilities within these dependencies.

See more details
There are multiple BOM files, each serving different functions:
  • jira-api-bom: This BOM is designed for external products. It offers a centralized location for managing the dependencies of external products, ensuring that they’re using the correct, up-to-date versions of dependencies.
  • jira-deprecated-api-bom: This BOM lists libraries that may undergo changes or be removed from the public Bill of Materials in future updates.
  • jira-internal-bom: This BOM is intended for internal products. It provides a centralized location for managing internal dependencies, ensuring consistency across all internal products.
  • jira-bundled-plugins-bom: This BOM manages the versions of apps bundled with Jira.

Using artifacts for version management

BOMs (Bill of Materials) are Maven modules of the pom packaging type, which are designed to facilitate the management of imported dependencies as detailed in the Maven documentation.

Each BOM contains dependency management sections rather than direct dependencies. To use a BOM, you should first include it as a dependency with the import scope. For example:

1 2 3 4 5 6 7 <dependency> <groupId>com.atlassian.jira</groupId> <artifactId>jira-api-bom</artifactId> <version>${jira.version}</version> <type>pom</type> <scope>import</scope> </dependency>

Subsequently, other dependencies should be explicitly defined manually with the scope provided, omitting version specifications. The versions will be configured through the imported BOM artifacts. For example:

1 2 3 4 5 <dependency> <groupId>com.atlassian.security</groupId> <artifactId>atlassian-secure-utils</artifactId> <scope>provided</scope> </dependency>

Adopting centralized BOMs in app development

To adopt centralised BOMs:

  1. Remove the jira-project dependency management import.

  2. Add jira-api-bom as a dependency with scope import.

  3. Consider adding jira-deprecated-api-bom if needed, but note that these dependencies are marked as deprecated and will be removed in future versions.

  4. Remove redundant dependency management sections from your poms (for artefacts covered by the BOM).

  5. Since BOM doesn't define scope, if your dependency management section used to contain scope definition, you must now add it to the actual dependency declaration.

  6. Conduct deep analysis of the dependency tree to ensure all dependencies are correctly managed, and no discrepancies exist between versions. All dependencies listed in the BOM files.

  7. Ensure that dependencies, especially those in the provided scope, don't have a version field to allow the central pom to define it. This ensures consistency and prevents runtime issues.

Changes to supported platforms

See what changes have been made to supported platforms in this Jira release. For more details, check out Supported platforms.

End-of-support announcements

We’ve removed support for:

  • .bin and .exe binary installers
  • H2 database engine
  • Java 8
  • Java 11

We’ve unbundled:

  • Java (due to the binary installers removal)

 App developers

For any important changes regarding apps, check out the Jira changelog.

FAQ for app developers

Based on your feedback from the Developer Community announcement of Jira Software 10.0, we’ve prepared a list of frequently asked questions.

See the full list

Question

Answer

Is there a way to customize or override the Jackson ObjectMapper used in plugin REST v2?

Currently it’s not possible for plugins to customize REST’s ObjectMapper config.

We encountered some issues regarding our REST endpoints that use the @Autowired annotation on the constructor. That results in warnings like:

MultiException stack 1 of 2 java.lang.NoSuchMethodException: Could not find a suitable constructor in de.resolution.usersync.rest.NotificationRestResource class.

This can be mitigated using @Inject instead.

However, to our knowledge, both annotations should work the same. Was this an intentional change?

This was an intentional change. REST resource classes are instantiated by HK2 in Jersey 2, hence Spring’s @Autowired won't work.

Which Testkit should I use?

Use the 10.0.3 jira-testkit.

My method invocations are blocked, even though I have them allowlisted. Why?

Plugins may define their own allowlist using this module descriptor which will supplement the global allowlist. Plugins can only define allowlist entries for their own classes.

More details: Configuring the Velocity method allowlist

It looks like REST v2 in the latest EAP supports only @Inject (javax.inject.Inject) for resource constructors and doesn’t support the Spring @Autowired annotation. Is this intentional?

Yes, this is intentional. We dropped support for the Spring @Autowired annotation and decided to migrate to @Inject (javax.inject.Inject), because @Autowired is Spring-specific and javax.inject.Inject is part of a standard (Java EE / Jakarta EE - JSR-330). Relying on the standard rather than on a specific implementation provides us with more options for the future.

We’re currently testing Jira 10.0 and the AITs Arquillian didn't work with JDK 17, any idea why?

All the tests work with JDK 8 or JDK 9, and when I change to JDK 17, the tests don't start.
The error:

java.io.StreamCorruptedException: invalid stream header: 0A0A0A0A at java.base/java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:958) at java.base/java.io.ObjectInputStream.<init>(ObjectInputStream.java:392) at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.execute(ServletMethodExecutor.java:173) at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor$1.run(ServletMethodExecutor.java:221) at java.base/java.util.TimerThread.mainLoop(Timer.java:566) at java.base/java.util.TimerThread.run(Timer.java:516) andjava.lang.IllegalStateException: Error launching test at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.invoke(ServletMethodExecutor.java:100) at org.jboss.arquillian.container.test.impl.execution.RemoteTestExecuter.execute(RemoteTestExecuter.java:103) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105) at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62) at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:52) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed

Check Jira logs. invalid stream header is usually an indicator that test “plugin” has failed to install.

This library is effectively no longer maintained as it's not really used internally at Adaptavist anymore.

There is a suggested workaround here: java.io.StreamCorruptedException: invalid stream header: 0A0A0A0A error in some Arqullian testsbug

What version of atlassian-plugins will this release ship with? We need version 8.0.15+ for our app to run as we utilize new APIs.

atlassian-plugins will be version 8.0.15 in the new release.

“The global object GH.RapidBoard is deprecated.” — what does it mean?

Will the GH be removed? Will there be a way to access it?

We’re not planning to remove global variables in this platform release (10.0.0). At the same time, we’re committed to reducing the tech debt and introducing improvements to the Jira front-end tech stack and UI. Global variables tend to be an obstacle in such projects. We communicated the long-term take on global variables in Preparing for Jira 8.0.1 and reinforced that message later too.
The most recent effort in that area was in JSW 9.7.1.
You can read more about the migration from global variables to AMD modules on this page. It was published in 2019 but the gist is intact. These are the key points:

  • All supported functionality should be already available in a form of AMD modules (vs. global variables).

  • All possible usage of globals is considered as deprecated and developers should have a plan to move to alternative solutions (AMD modules).

  • Global variables that provide support for supported functionality will be removed only when an alternative solution for that piece of functionality is in place, and with proper notice beforehand. We may remove globals without the alternative solution in place for unsupported functionality, in platform releases, or for security reasons.

  • We cannot promise that in the future all AMD modules will be a part of the API.

  • Once we decide to remove a particular subset of globals, we will provide a detailed migration documentation, containing removed globals list and their AMD module names equivalents.

Known issues

Redirect behavior of Stronger Defaults

To optimize the user experience requests are redirected (HTTP 302) to the login page when a security clearance requirement isn't met. This doesn’t apply to REST endpoints as they're intended for machines and programmatic use cases. For those, REST requests are rejected (HTTP 401/403). However, if your code is making a call to a non-REST endpoint, you need to handle the redirection case. Otherwise, your code can interpret the login page as the expected data and throw a parsing error.

We’re planning to improve this behavior in a future release by examining the Accept header before deciding whether to redirect or reject a request.

Automation for Jira 9.0.1 upgrade

If at some point you’ve used Automation for Jira version 9.0.1 and try to upgrade from Jira 8.20.x or later to Jira 10.0, you might experience issues around automation rules (such as not being allowed to enable, disable, or publish automation rules). Learn more about this issue

To fix this issue, you need to run the relevant SQL scripts manually in the Jira database:

  1. Stop the Jira application.
  2. Back up the database.
  3. Download the relevant script file for the type of database used by the Jira application as per step 5 in Upgrading to Automation for Jira 7.3.
  4. Run the script on the Jira database.
  5. Start the Jira application.

Important notice for MSSQL users

When upgrading to Jira 10.0.1, you'll experience an error that prevents Jira from starting. This issue is already fixed in Jira 10.1.1, that's why we recommend skipping 10.0.1 and upgrading directly to a newer Jira version.

The issue is related to a change in the default value of the encrypt connection parameter in the JDBC driver for MSSQL:

  • Previous driver version (9.2.1): The default value for the encrypt parameter was false.
  • Driver version in Jira 10.0.1 (12.6.3.jre11): The default value for the encrypt parameter is now true.

Resolution

To resolve this issue, you need to explicitly set the encrypt parameter to false in your database connection string. Update the dbconfig.xml file as follows:

  1. Open the dbconfig.xml file located in your Jira home directory.
  2. Locate the connection string for your MSSQL database.
  3. Modify the connection string to include the parameter encrypt=false.
    Example: <url>jdbc:sqlserver://your-database-server:1433;databaseName=your-database-name;encrypt=false;</url>
  4. Save the changes and restart your Jira instance.

By following these steps, Jira should start without issues after the upgrade. We recommend removing the additional parameter after upgrading to a newer Jira version to keep the dbconfig.xml file clean.

Upgrade procedure

Before you upgrade, check app compatibility by visiting Checking app compatibility with application updates or the Atlassian Marketplace to see if your app hosting is compatible with your product version.

Upgrading from Jira version 9.x.x? 

  • See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps. 
  • For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.
Last modified on Oct 11, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.