Jira Software 10.2.x upgrade notes

Here are some important notes on upgrading to Jira Software 10.2.x. For details of the new features and improvements in this release, see the Jira Software 10.2 release notes.

Upgrade notes

New login experience with two-step verification

To improve the security of the Jira login experience, we’ve added a second authentication layer. If you experience any issues with the new login process, you can switch to the legacy login experience by setting the JVM system property atlassian.authentication.legacy.mode to true.

Keep the database password secure in the secret storage

We're now using the secret storage to secure the database password. After the upgrade, or during the zero-downtime upgrade (ZDU), we'll read the password from the dbconfig.xml file, encrypt it, store it in the secret storage and replace the password in the dbconfig.xml file with the placeholder: {ATL_SECURED}. If the password was previously stored in plaintext, you can expect the following logs:

 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Secret Service is enabled
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Detected new password in the xml file, that hadn't been encrypted by Secret Service
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Trying to get password from xml and decrypt it with legacy Secret Store Provider
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Database password decryption not performed.
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Getting plaintext password from config, encrypting it and storing in Secret Service.
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Secret Service is enabled
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Storing encrypted database password in Secret Service
 main INFO      [c.a.j.config.database.DatabaseConfigHandler] Replacing the password in config with {ATL_SECURED}

The dbconfig.xml file will contain: <password>{ATL_SECURED}</password>.

In case of a ZDU rollback, you need to edit the dbconfig.xml file on every node that was upgraded and change the password back to the plaintext password.

If the password is secured with the Secret Store Provider, the secret will be located in the secret storage, but we won’t replace the password in the dbconfig.xml file and we’ll use the secret store provider to encrypt and decrypt the password.

Starting from Jira 10.2.1:

  • If the password is encrypted with the Secret Store Provider, the AES encryption, or a custom implementation, we'll decrypt the password, store it in the Secret Storage and replace the password in the dbconfig.xml file with {ATL_SECURED}.
  • If the password is encrypted with the Secret Store Provider, the AWS Secrets Manager, or HashiCorp Vault, we'll keep it as the encryption method and won’t use the Secret Storage for handling the password.

Ignore warnings from Atlassian Package Scanner

Atlassian Package Scanner verifies if there are no .jar files providing the same package, potentially with a different version. After you upgrade to Jira Software Data Center 10.2 or Jira Service Management Data Center 10.2, Atlassian Package Scanner will notify you about packages with the same content provided by different .jar files.

This is due to Embedded Crowd still migrating to the new version of the platform and still using password-cipher, while Jira has already moved to atlassian-secrets but still has to provide password-cipher for backwards compatibility. atlassian-secrets embeds password-cipher, which is why Atlassian Package Scanner notices them, but since the content is the same, the following warnings may be safely ignored (note the duplicated lines — those appear because the .jar files are placed both in /lib and atlassian-jira/WEB-INF/lib):

Note that the full warning comes with the details about the exact location of the scanned files:

JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-api-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-api-1.4.0.jar and atlassian-secrets-api-5.0.4.jar

Note that the full warning comes with the details about the exact location of the scanned files:

2024-10-17 09:31:28,389+0000 JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
      '/tmp/jira/lib/atlassian-secrets-api-5.0.4.jar'
      '/tmp/jira/lib/password-cipher-base-1.4.0.jar'

Changes to supported platforms

There are no supported platforms changes in this Jira release. For more details, check out Supported platforms.

 App developers

See Preparing for Jira 10.2 for any important changes regarding apps.

 Upgrade procedure

Upgrading from Jira version 9.x.x? 

  • See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps. 
  • For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.
Last modified on Dec 3, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.