Bug Fixing Policy

Summary

This policy outlines the procedures for managing functional bugs. For further information regarding security vulnerabilities, visit Security Bug Fix Policy.

  • Our Support team helps with workarounds and bug reporting.
  • As a general rule, we'll fix critical functional and security bugs in all currently supported releases: the latest feature release and supported LTS releases. To check which releases are supported, check the Atlassian End of Support Policy.

  • We schedule fixing non-critical bugs according to a variety of considerations.

  • We support releases for two years after the initial feature or Long Term Support (LTS) release.

Example:

We provide technical support for Jira Software 10.2.x for two years after Jira 10.2.0 was released. After that, Jira Software Data Center 10.1 will no longer receive security and functionality bug fixes.


Report a bug


If you're working on an app for an Atlassian product or using our APIs, we encourage you to report any bugs through the Ecosystem Jira.

Shared responsibility model

While Atlassian is committed to delivering secure products out of the box, we also rely on a shared responsibility model. This model requires customers to implement practices that continue beyond deployment and extend into operational phases. Some of these responsibilities include:

  • Operating Atlassian software on private networks.

  • Ensuring timely implementation of security fixes once they're released.

  • Configuring Web Application Firewalls (WAF), VPNs, multi-factor authentication, and single sign-on capabilities.

  • Implementing encryption and access controls.

  • Performing regular backups.

  • Conducting regular security audits.

This guide defines the roles and responsibilities for both Atlassian and Data Center admins that are required for the most secure product environment.

Bug reports

Atlassian Support is eager and happy to help verify bugs—we take pride in it!

Create an issue in our support system, providing as much information as you can about how to replicate the problem you're experiencing. We'll replicate the bug to verify and then lodge the report for you. We'll also try to construct workarounds, if possible.

Search existing bug reports

Use our public issue tracker to search for existing bugs. Report new issues, watch and vote for the ones that are important to you. If you watch an issue, we'll email you a notification when it's updated.

How we approach bug fixing

Evaluating bugs by their symptom severity allows us to focus on the fixes that matter most. We prioritize security issues, in line with our Security Bug Fix Policy.

Bug fix releases may include enhancements to stability and performance, as well as address functionality bugs and security vulnerabilities. Depending on the nature of the fixes, they may introduce minor changes to existing features. Bug fixes don't include new features or high-risk changes, so they can be adopted quickly. We recommend regularly upgrading to the latest bug fix release for your current version.

We evaluate each bug by examining the severity of its symptoms. There are three distinct levels of symptom severity: critical, major, and minor.

Severity 1 - Critical

Your application is unavailable. Users aren't able to perform their job function, and no workarounds are available. 

See some examples...
  • login failure affecting all users
  • all or most pages don't display
  • out of memory errors cause application failure
  • significant data loss
  • node communication failures
  • administration tools fail

Severity 2 - Major

A feature is unavailable, application performance is significantly degraded, or users' job functions are hindered.

See some examples...
  • the application performs slowly and fails intermittently
  • application is functional, but frequently used gadgets or macros don't work
  • application links fail
  • specific editing features fail
  • or a Severity 1 (critical) issue where there is a viable workaround

Severity 3 - Minor

The application or specific feature isn't working as expected, but there is a workaround available. User experience is impacted, but their job function isn't hindered. 

See some examples...
  • some searches fail
  • sections of pages load slowly
  • administrative features fail intermittently, but a workaround is available
  • visual defects that don't affect function
  • minor translation or localization problems
  • keyboard shortcuts not functioning as expected


About our bug fix workflow

If you watch a bug or mark it as affecting your team, it's useful to understand how we review, prioritize, and resolve bugs in our public issue tracker, jira.atlassian.com.

We prioritize issues using a metric called the User Impact Score (UIS), which is calculated individually for each issue. It takes into account the number of affected users, the severity of the issue, recent interest, and the percentage of users affected per instance. The more pervasive and severe the issue is, the higher its UIS.

We've standardized our workflow statuses across Data Center products, making it easier for you to track the status of any issue. Here’s the current workflow and a brief description of each status.

| Workflow status | Definition | Phase |
| --- | --- | --- |
| Needs triage | This issue is waiting to be reviewed by a member of the Atlassian product team. Typically, only recently created issues are in this status. Our product teams review these issues regularly. | Review |
| Gathering impact | This issue has been reviewed, but needs more supporting information to gauge how pervasive the problem is. | Prioritization |
| Long term backlog | A fix for this issue is required, but planned for farther in the future. This is because it's not as severe or pervasive as other issues. | |
| Short term backlog | A fix for this issue is required, and will be prioritised in the near future. This is because it's more severe or pervasive than other issues. | |
| Ready for development | A fix for this issue is required, and is ready for the development team to start their implementation. | |
| In progress | The development team is currently working on this issue. | Implementation |
| In review | A fix for this issue has been proposed and is being reviewed and quality-tested by the development team. | |
| Waiting for release | A fix for this issue has been implemented and is waiting to be shipped in a release. | |
| Closed | Work on this issue is complete. If it's fixed, the resolution will be 'Fixed' and the Fix Version field will indicate the product version that contains the fix. If no code changes were required, the resolution will be 'Duplicate', 'Won't fix', 'Handled by support', 'Timed out', or similar. | Closure |




FAQ

What is a shared responsibility model?

A shared responsibility model is an agreement between Atlassian and its customers that outlines a commitment to implementing best practices that persist beyond the initial deployment and extend into the operational phases. For details, check out Data Center security checklist and shared responsibilities.

What is a Long Term Support release? (example: Jira Software 10.3 LTS)

Long Term Support releases are for Data Center customers who prefer to allow more time for upgrades to new feature releases but still need to receive bug fixes. Some products will designate a specific version as a Long Term Support release, indicating that security bug fixes will be provided throughout the entire two-year support period.

What is a feature release? (example: Jira Software 10.1)

A Feature release is a version (for example, Jira Software 9.11) that contains new features or major changes to existing features, changes to supported platforms (such as databases, operating systems, Git versions), or removal of features and that hasn't been designated a Long Term Support release. 

What is a bug fix release? (example: Jira Software 10.2.1)

Bug fix releases may include enhancements to stability and performance, as well as addressing functionality bugs and security vulnerabilities. Depending on the nature of the fixes, they may introduce minor changes to existing features. However, they do not include new features or high-risk changes, so they can be adopted quickly. We recommend regularly upgrading to the latest bug fix release for your current version.

Where can I find the latest releases?

You can always check the software download portal or visit the product-specific download pages.

What is a supported release?

Atlassian supports releases for two years after the initial feature or Long-Term Support (LTS) release. For example, we provide technical support for Jira Software 10.2.x for two years after Jira 10.2.0 was released.

How can I find a list of supported releases?

Check out the Atlassian Data Center End of Support Policy for the most up-to-date information.

What is a vulnerability?

Vulnerability refers to a weakness or flaw that may be exploited by a threat or risk. In the context of cybersecurity, a vulnerability could be a flaw in software, network, or system that allows unauthorized users to gain access or cause damage. This could include outdated software, weak passwords, or missing data encryption.

What is a security bug fix?

A security bug fix is a set of changes made to a system or application to address vulnerabilities that hackers could exploit. These vulnerabilities, also known as security bugs, could lead to unauthorized access, data theft, or other malicious activities.

Where can I find more information on fixed vulnerabilities in Data Center products?

Atlassian publishes monthly Security Advisories and provides access to the Vulnerability Disclosure Portal. The Vulnerability Disclosure Portal is a central hub for information about disclosed vulnerabilities in any of our products. It is updated monthly with the release of each Security Bulletin and provides an easy way to search and access data from previous bulletins.

Further reading

See Atlassian Support Offerings for more support-related information.

Last modified on Oct 14, 2014
