Jira Software 8.13.x upgrade notes
Here are some important notes on upgrading to Jira Software 8.13.
For details on the new features and improvements in this release, see the Jira Software 8.13.x release notes.
Upgrade notes
8.13.12: Support for PostgreSQL 12 and Amazon Aurora PostgreSQL 12
Jira Software 8.13.12 adds support for PostgreSQL 12 (Server and Data Center) and Amazon Aurora PostgreSQL 12 (Data Center only). Additionally, this version of Jira Software is tested and bundled with version version 42.2.23 of the PostgreSQL JDBC driver.
Jira Software 8.13.12 has a known issue, where the Supported database health check fails incorrectly on instances of Jira running on PostgreSQL 12. We are working on delivering a fix as soon as possible.
8.13.9: Bundled JRE disables secure connections to MySQL Community Edition 5.7.27 or older over TLS versions 1 and 1.1
Jira Software 8.13.9 binary installers are bundled with the AdoptOpenJDK 8u291 JRE, which ships with TLS versions 1 and 1.1 disabled by default. This prevents secure connections with MySQL Community Edition 5.7.27 or older compiled with yaSSL.
You're not affected by this issue if:
- You’re running MySQL Enterprise Edition
- You’re running MySQL Community Edition 5.7.27 compiled with OpenSSL
- You haven’t enabled secure connections in MySQL Community Edition
- You’re running Jira using a JRE version lower than 8u291 or 11.0.11
To ensure that Jira can establish a secure connection with your MySQL database after the upgrade, switch to a version of MySQL Community Edition that supports TLS 1.2. You can choose one of the following solutions:
Recommended solution: Upgrade to MySQL Community Edition 5.7.28 or newer
Because the binary distributions of MySQL Community Edition 5.7.27 and older are compiled with yaSSL, they do not support TLS 1.2 by default. We recommend that you upgrade to MySQL Community Edition 5.7.28 or newer (this version uses the OpenSSL library), and then allow secure connections over TLS 1.2 by either:
- Upgrading the MySQL Connector/J driver to version 8.0.19 or newer.
- Adding the
enabledTLSProtocols=TLSv1.2
parameter to the MySQL JDBC connection string indbconfig.xml
.
For more information, see:
Solution 2: Recompile MySQL Community Edition 5.7.27 or older with OpenSSL
Alternatively, you can recompile version MySQL Community Edition 5.7.27 or older with OpenSSL, and then allow secure connections over TLS 1.2 by either:
- Upgrading the MySQL Connector/J driver to version 8.0.19 or newer.
- Adding the
enabledTLSProtocols=TLSv1.2
parameter to the MySQL JDBC connection string indbconfig.xml
.
For more information, see:
- MySQL 5.7 Reference Manual — 2.9.6 Configuring SSL Library Support
- Connecting Jira applications to MySQL 5.7
Solution 3: Re-enable TLS 1 and 1.1 in Java
The TLS 1 and 1.1 protocols are insecure. Atlassian does not recommend using this solution in the long term.
If required, you can re-enable support for TLS 1 and TLS 1.1 in Java by removing the TLSv1
and TLSv1.1
entries from the jdk.tls.disabledAlgorithms
property in <JAVA_HOME>/lib/security/java.security
.
8.13.7: Changes in startup files
We've changed several startup files to change the format of GC logs produced by Jira while running with Java 11. Without the change, the logs are impossible to parse with the GCViewer tool and can be frustrating for an admin to work with.
We've changed the time,uptime
to tags,time,uptime,level
in the following files:
bin/set-gc-params.sh
file on Linuxbin/set-gc-params.bat
file on Windowsbin/set-gc-params-service.bat
file on Windows
If you don't have any custom changes in those files, you don't need to take any cation. If you do, you'll need to copy your changes to the new files on upgrade.
8.13.4: Known issue: Performance of user actions on issues
We’ve discovered an issue, where background reindexing might affect the performance of users actions on issues (create, update, comment). This was already introduced in Jira 8.10. While we’re working to fix it, we’ve decided to not block this release, as the issue already exists in your Jira instance, and you can still benefit from other fixes included in this release.
We want you to be aware of this issue, so you can work around it, if needed. We’ll update these upgrade notes once we release the fix.
Learn more about the issue and workarounds
8.13.4: Displaying default Jira avatars instead of broken images
We've improved how deleted avatars are displayed around Jira and in email notifications. Now, if an avatar's image is missing, you'll see the default Jira avatar for a particular item – be it user avatar, issue type icon, or project icon. This change applies to all the places where avatars appear, for example issue type icons in issues, user avatars in user-picker fields, project sidebar, mentions, and so on.
8.13.3: Changes to the allowlist
When you create an application link, the URL is automatically added to the Jira allowlist. From Jira 8.13.3, outbound requests from these URLs require users to be authenticated, unless you specifically allow anonymous users.
In addition, you can also set the default allowlist behavior for all application links. Choose to allow all users (including anonymous), only authenticated users, or deny all outbound requests for all users. When a new application link is created, the URL will be added to the allowlist with your preferred setting already configured.
If you experience any issues with features that rely on application links, such as gadgets, you can choose to allow anonymous requests for that application link. This is less secure, but may be a useful workaround until you can make any required changes to your linked application for authenticated requests. If you are in this situation, consider using an exact URL or wildcard rule to limit access to only the required path or resources.
If you subscribe a third-party gadget that doesn't require an application link, you will now need to add the gadget URL to the allowlist.
Known issue: Modal dialogs don't open on pages that use cross-origin iFrames
A number of actions in Jira are configured in modal dialogs (pop-ups) — for example, when you click Edit next to an item, we’ll often open the edit settings in the modal rather than move you to a separate page.
Problem
In Jira 8.12.2 and 8.13.0, these modal dialogs might not open on pages that use cross-origin iFrames. An example of this could be a cross-origin iFrame added to the Jira banner to collect some statistics. Because of this problem, you won’t be able to complete actions that rely on modal dialogs — these might include editing permissions, starting sprints, or editing comments in Jira Service Management requests. More about this bug
Affected versions
- 8.12.2, 8.13.0
Fixed versions
We have already fixed this problem in the following bugfix releases:
- 8.12.3, 8.13.1
Known issue: Sprint suggestions aren’t working
The Sprint picker field (used either when creating/editing issues or searching for sprints) suggests the last five sprints you viewed. If you haven’t viewed at least five, Jira will retrieve all existing sprints and calculate which are the best suggestions for you. Because of a bug, Jira isn’t retrieving additional sprints, so you’re seeing suggestions that are based only on your history.
More about this problem: https://jira.atlassian.com/browse/JSWSERVER-20679
Affected versions: 8.11.x, 8.12.x, 8.13.0
Fixed versions: 8.13.1+, 8.14.0+ (not released yet)
Workaround: The only workaround right now is building your history so Jira can show suggestions based on it. To do this, you have to visit backlogs that include sprints you’re interested in. Follow this bug for updates
Note: Upgrading to one of the fixed versions might cause performance issues in large Jira instances with thousands of sprints. See Sprint picker field might cause performance issues.
Known vulnerability in the BKS-V1 keystore format
If you’re running Jira over SSL, we’d like to bring your attention to a security vulnerability of the BKS-V1 keystore format, provided by the BouncyCastle library. We strongly recommend that you don’t use it in your Jira instance. Learn more
Support for Microsoft Exchange Online POP3 (8.13.1+)
We are planning to add the option to integrate with OAuth 2.0 using POP3 for Microsoft Exchange Online. The support will cover OAuth 2.0 integration for incoming mail.
Document based replication
Our previous architecture meant that the speed of index replication across the cluster was limited by the slowest node in the cluster due to single thread replay of all indexing operations. This is no longer the case as index changes on a node are now sent to other nodes directly. So each node we add to the cluster increases the write capacity of the cluster.
With Jira DC 8.13, our new architecture means that the index replication will not be delayed & index will remain consistent across the cluster. Simply put, this means a more stable cluster and reliable consistency of data across each node in the cluster.
However, these architectural changes require each node to communicate directly with other nodes, which can double the network traffic. When testing this on a 8 node cluster running a sustained stress load of 400 requests per second, the total network traffic volume amounted to 25% of total capacity of a 1Gbps link. Traffic will be lower if the load or cluster size is lower.
For more on Document-based replication, see Document-based replication in Jira Data Center.
Setting to prevent phishing attacks
To prevent non-authenticated users from navigating to crafted URLs in Jira and injecting messages onto the page, we've added a setting that disables displaying URL parameters in security dialogs.
The setting is available in Jira administration > System > General configuration and defaults to Off.
If the setting is disabled, the URL parameters that might be added to a URL are not captured and displayed in security dialogs. In that case, a security dialog looks the following:
New system property to speed up database search
We're introducing a new mechanism that retrieves custom field values for issues in batches of 50. This speeds up time-consuming operations such as database search.
For now, all these improvements affect only Jira built-in custom fields. We’re also opening an experimental API to help you leverage these improvements. For details, see Batch custom field value retrieval API.
You configure this feature with the jira.custom.field.indexing.batch.size
property. Setting its value to 1 disables batching and any other number defines the number of issues that will be batched.
To benefit from this change, a full reindex needs to be performed.
Known issue: Jira doesn’t recognize a MySQL database after the upgrade
If you're using a MySQL database, you might get the following error after the upgrade:
We can't tell what database you're using
That’s because your dbcongig.xml
file is using mysql
as the database-type
. This type is no longer recognized by Jira after we ended support for MySQL 5.6, so you’ll need to update it.
To solve this issue:
- Stop Jira.
- Edit the
dbconfig.xml
file (in your home directory)- If you’re using MySQL 8.0, change the
database-type
tomysql8
. - If you’re using MySQL 5.7, change the
database-type
tomysql57
. - If you're using MySQL 5.6, you will need to upgrade your database first, as this version is no longer supported.
- If you’re using MySQL 8.0, change the
For more info about connecting Jira to MySQL, see:
Known issue: Azure SQL is reported as an unsupported database
If you’re running Jira with the Microsoft Azure SQL database, you will get warnings saying that you’re using an unsupported database. That’s because Azure SQL is mistakenly reported as SQL Server 2014, and we’ve ended support for this one in this release.
Solution:
We’re working on the update of the Atlassian Troubleshooting and Support Tools app. For now, discard the warnings and wait for the available update. Your database is fine.
Increase your pool-max-size before upgrade
If you're upgrading from Jira 7.x to Jira 8.x we recommend changing the pool-max-size parameter to 40 in your dbconfig.xml before the upgrade. Leaving the default of 20 can sometimes lead to “ResultSet Closed” errors during re-indexing on 8.x. For information on implementing the change, see Tuning database connections.
An important bugfix requires full reindex
We fixed a bug that caused issues removed from sprint not showing in Burndown Chart or Sprint Report. The problem will automatically be fixed for all the newly created and edited issues and they will display in the Sprint Report and Burndown Chart.
If you are not concerned about the past issues, you don’t have to take any action. However, if you want to be sure all the past and current issues get fixed too, you need to perform a full reindex.
A bug in Tomcat causing issues on upgrade
Tomcat started to use double-quotes as of version 8.5.48 as a result of Expansion of JAVA_OPTS in catalina.sh containing '*' stops startup on linux bug. That's why when you upgrade to Jira 8.13 and set parameters in setenv.sh or setenv.bat, make sure that you:
- Don't remove the double-quotes in the catalina.sh
- Set all your parameters in one line without any new line in setenv.sh or setenv.bat
Otherwise you might experience issues starting up Jira.
New events in the Advanced audit log DATA CENTER
We are adding new events to track priority (Created, deleted updated) and secure admin login (websudo) for you to have better insight into your application.
End of support announcements
In Jira 8.13, we are not making any changes.
App developers
See Preparing for Jira 8.13 for any important changes regarding apps.
Upgrade procedure
Upgrading from a Jira version 8.x.x?
See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps. For a more tailored upgrade, go to Jira administration > Applications > Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.