This documentation is intended for Jira developers who want to ensure that their existing apps are compatible with Jira Software Data Center 10.2 and Jira Service Management Data Center 10.2.

Latest version

Here you can find information about the latest EAPs.

Summary of changes

This section provides an overview of the changes we intend to make so that you can start thinking about their impact on your apps. Once the updates are ready, we'll indicate when they’ve been implemented and in which milestone.

• Jira Software and Jira Service Management common features
  • New login experience with two-step verification
  • Turn off the lights in Jira automation
  • Component validations for disabled automation rules
  • Connectivity check for sharing usage data
  • Secret storage
  • Integrity Checker improvements
• Jira Software features
  • Introducing Local Lexorank Repair
• Jira Service Management features
  • Restrict comment visibility to a group or role
  • Preventing data loss when changing cardinality in Assets
• Known issues
  • Ignore warnings from Atlassian Package Scanner

Jira Software and Jira Service Management common features

New login experience with two-step verification

Status: IMPLEMENTED (EAP 01)

To improve the security of the Jira login experience, we’ve added a second authentication layer. The new login process supports a native two-step verification (2SV) capability using a time-based one-time password (TOTP) generated by an authentication app as a second factor. Explore how to manage two-step verification

If you experience any issues with the new login process during end-to-end build tests or CI/CD of your app, you can switch to the legacy login experience by setting the JVM system property -Datlassian.authentication.legacy.mode to true.

Turn off the lights in Jira automation

Status: IMPLEMENTED (EAP 01)

We’re bringing dark theme to Jira automation. To test the compatibility of your apps and rule components, enable the dark theme by going to your Profile, then Theme, and select Dark.

Component validations for disabled automation rules

Status: IMPLEMENTED (EAP 01)

Component validations are now performed both for enabled and disabled automation rules when they’re updated. This ensures that all rules undergo validation to quickly identify any configuration errors.

Connectivity check for sharing usage data

Status: IMPLEMENTED (EAP 01)

When you share your instance usage data, your firewall setup ensures data can be sent outwards. You can now test the connection to check if your firewall prevents or causes traffic blockages. More about sharing usage data

Secret storage

Status: IMPLEMENTED (EAP 01)

We’ve provided a new default solution for encrypting secrets. This feature will automatically replace the plaintext sensitive values in the database files with the placeholder {ATL_SECURED}. The values will be encrypted with an AES 256-bit key.

The following secrets will now be secured by default:

Integrity Checker improvements

Status: IMPLEMENTED (EAP 01)

We’ve improved the Integrity Checker so that it works at the Enterprise scale. Now, it won’t cause high JVM memory pressure or full garbage collection anymore. Finding issues is much faster, and fixing them more extensive and precise.

For the long-running fix operations, we’ve implemented a limit of fixes within a single check jira.integrity.checker.results.limit that defaults to 1000 and can be adjusted. We’ve also limited the default number of displayed results to 20.

Image attachments thumbnails in emails

Status: IMPLEMENTED (EAP 01)

You can now see thumbnails of image attachments in emails without being authenticated to Jira. This update fixes the problem of images not being rendered properly while having issues with authentication.

This feature is on by default. To disable it, turn off the following feature flag: com.atlassian.jira.send.email.notifications.with.images.attached.

Your logo in light and dark

Status: IMPLEMENTED (EAP 02)

You can now upload your site logo in two versions so it matches your theme whether you choose the light or dark option. If you upload just one logo, it'll apply to both themes. If you’re already using your own logo, it'll now become the light theme logo.

To upload your logo, go to Administration, then System, then Look and feel, then Logo.

Note that the Original theme in the default form (with no customized Look and Feel) is decommissioned and not recommended to use anymore.

Changes to metrics served by the JMX exporter

Status: IMPLEMENTED (EAP 02)

We no longer expose Connection instance-level metrics through the JMX exporter in Jira while still maintaining other types of tracking, including tracking at the Connections level.

If you need to restore the previous behavior, you can use the parameter -Ddbcp.registerConnectionMBean=true to override those settings. However, this workaround isn’t recommended as it may bring back already fixed symptoms or cause other unknown problems resulting from the thread races in the underlying library.

Jira Software features

Introducing Local Lexorank Repair

Status: IMPLEMENTED (EAP 01)

We’re introducing Local Lexorank Repair, a targeted operation to address the degradation of the Jira Software issue rank system. It provides timely repairs before ranking problems escalate, with the intent to avoid global Lexorank rebalancing. Local Lexorank Repair improves system predictability by addressing rank degradation in local degradation hotspots, instead of globally rebalancing the entire system.

The feature runs in the background and is triggered by the following issue ranking operations:

• UI operations, such as dragging and dropping a single issue on or moving issues to the top or bottom of the backlog.
• REST API calls to /rest/greenhopper/1.0/api/rank/after and /rest/greenhopper/1.0/api/rank/before with a single issue in the payload.
  
  

Jira Service Management features

Restrict comment visibility to a group or role

Status: IMPLEMENTED (EAP 01)

We’re improving the way agents and admins share information when commenting on issues. In service projects, they can now restrict comments not only to all internal users but also to specific roles or groups they belong to.

Preventing data loss when changing cardinality in Assets

Status: IMPLEMENTED (EAP 01)

We've improved how attribute cardinality changes are managed in Assets. So far, if an attribute's values exceeded the maximum cardinality, excess values were silently deleted during re-indexing. This could result in a data loss. Now, when you reduce the maximum cardinality of an attribute, a new dialog box will appear, allowing you to choose whether to keep or delete the excess values. If you delete them, this action will be recorded in the object's history. This change gives you more control over your data while maintaining system integrity.

Known issues

Ignore warnings from Atlassian Package Scanner

Atlassian Package Scanner verifies if there are no .jar files providing the same package, potentially with a different version. After you upgrade to Jira Software Data Center 10.2 or Jira Service Management Data Center 10.2, Atlassian Package Scanner will notify you about packages with the same content provided by different .jar files.

This is due to Embedded Crowd still migrating to the new version of the platform and still using password-cipher, while Jira has already moved to atlassian-secrets but still has to provide password-cipher for backwards compatibility. atlassian-secrets embeds password-cipher, which is why Atlassian Package Scanner notices them, but since the content is the same, the following warnings may be safely ignored (note the duplicated lines—those appear because the .jar files are placed both in /lib and atlassian-jira/WEB-INF/lib):

JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-api-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-api-1.4.0.jar and atlassian-secrets-api-5.0.4.jar

Note that the full warning comes with the details about the exact location of the scanned files:

2024-10-17 09:31:28,389+0000 JIRA-Bootstrap WARN      [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
      '/tmp/jira/lib/atlassian-secrets-api-5.0.4.jar'
      '/tmp/jira/lib/password-cipher-base-1.4.0.jar'