Upgrading from JIRA 3.11 to 3.12
Please follow the JIRA general upgrade instructions, plus note the following:
- Everyone who had the 'JIRA Administrators' global permission before the upgrade will automatically receive the new 'JIRA System Administrators' global permission during the upgrade. This will ensure that everyone can still perform the same functions they could previously.
- The following new Seraph property can be used to fix JRA-10508:
<!-- If this parameter is set to true, the cookie will never be set secure. This is useful if you're logging
into JIRA via https, but want to browse JIRA over http. This flag will ensure that the remember me option
works correctly. -->
<init-param>
<param-name>insecure.cookie</param-name>
<param-value>true</param-value>
</init-param>
- Due to the Seraph upgrade, to fix JRA-10508 all users will be prompted to log in again. This will also affect users who have the 'Remember me' checkbox ticked.
- If you are building JIRA from source, please note that Maven2 is now required for a build. This is because the JIRA Fisheye Plugin requires Maven2.
- If you are using the JIRA Toolkit, it is recommended that you upgrade to the latest version in order to fix JRA-13553
- Please note that the new Trusted Applications feature is not supported on Orion versions prior to 2.0.5. Also note that Resin2 has problems and you will need to update the Resin extra jars.
- There is a new database table. Please see the following page for details
Upgrading from JIRA 3.10.2 and earlier
In addition to the above, please read the Upgrade Guide for every version you are skipping during the upgrade. The complete list of Upgrade Guides is available here.
Using the Trusted Applications feature with Crowd
Please note that older versions of the Crowd client, (i.e. version 1.2.1 or earlier), can interfere with the correct operation of the Trusted Applications feature. If you are enabling Trusted Applications and using Crowd, please ensure that your Crowd client is version 1.2.2 or later.
Comments (1)
Dec 11, 2007
Jed Wesley-Smith says:
We have seen some issues with the new version of Seraph shipped in this version ...We have seen some issues with the new version of Seraph shipped in this version of JIRA. It is not possible to log in and the following is seen in the log:
Exception caught in 500 page Could not load security config 'null': Exception configuring from 'seraph-config.xml': java.lang .IllegalArgumentException: The password must be specified java.lang.RuntimeException: Could not load security config 'null': Exception configuring from 'seraph-config.xml': java.lang.IllegalArgumentException: The password must be specified at com.atlassian.seraph.config.SecurityConfigFactory.loadInstance(SecurityConfigFactory.java:51) at com.atlassian.seraph.config.SecurityConfigFactory.getInstance(SecurityConfigFactory.java:30) at com.atlassian.seraph.filter.SecurityFilter.init(SecurityFilter.java:53) at com.atlassian.jira.security.JiraSecurityFilter.init(JiraSecurityFilter.java:17) at com.caucho.server.dispatch.FilterManager.createFilter(FilterManager.java:127) at com.caucho.server.dispatch.FilterMapper.buildDispatchChain(FilterMapper.java:169) ...This is caused by a modified seraph-config.xml where the cookie-encoding parameter is blank or missing. Previously this did not matter (although it left a very insecure cookie in the user's browser if they clicked "Remember Me").
The solution is to add the following to your seraph-config.xml's parameters section:
<!-- This property controls how your cookie is encrypted. If you truly want to secure your cookies, you need to change this to a secure password --> <init-param> <param-name>cookie.encoding</param-name> <param-value>jiracookie</param-value> </init-param>