Documentation for JIRA 4.4. Documentation for other versions of JIRA is available too.

Skip to end of metadata
Go to start of metadata

On this page:

Upgrading from JIRA 4.0 to 4.1

General Upgrade Instructions

Please ensure that you follow the instructions in the general JIRA upgrade guide (non-version specific), as well as the JIRA 4.1 specific instructions in the sections below. The general upgrade guide contains important tasks that are essential for getting your upgraded JIRA instance to work correctly (e.g. merging jira-application.properties customisations from the old instance to the upgraded instance).

New Location of JIRA Log Files

As of 4.1, JIRA no longer writes logs in your working directory. All logs are now written to the $JIRA_HOME/log directory.

Changes to Plugins

Please read Updating JIRA Plugins for JIRA 4.1.

Form Token Handling

JIRA 4.1 employs a new token authentication mechanism, which is used whenever JIRA actions are performed either through link request or form submission. This provides JIRA with the means to validate the origin and intent of the request, thus adding an additional level of security against cross-site request forgery. While the core JIRA product and its bundled plugins use this token handling mechanism by default, non-bundled plugins or those developed by third parties may not.

Therefore, if you are a JIRA plugin developer, please refer to the Form Token Handling​ documentation for details on how to incorporate this token handling mechanism into your JIRA plugin.

If you choose to implement form token handling into your JIRA plugin, please be aware of the following points:

  • Any functions that use screen scraping, such as the 'create sub-task' function in FishEye, will be broken.
  • REST API end points will not be affected unless they use form encoding.

Form token checking is enabled by default in JIRA 4.1. However, JIRA administrators can disable it on their site by following the instructions in Disabling Form Token Checking.

Customers with Crowd Integration

If you use Crowd with JIRA, please be aware that when you upgrade to JIRA 4.1, the seraph-config.xml file located in JIRA/atlassian-jira/WEB-INF/classes/ will be overwritten to include a new element:

This element is required for security features in JIRA 4.1.

After upgrading to JIRA 4.1, however, you may notice problems with the login gadget. For more information, please refer to JRA-21205.

If you encounter these problems, please run through step 2 (Configuring JIRA to talk to Crowd) of Integrating Crowd with Atlassian JIRA procedure to ensure that Crowd is successfully reconfigured with JIRA. If you had made any customisations to any of the files throughout this procedure prior to upgrading to JIRA 4.1 (for example, the seraph-config.xml file), then you will need to re-integrate these customisations after the upgrade process.

Upgrading from JIRA 3.13 and earlier

In addition to the points listed above, please read the Upgrade Guide for every version you are skipping during the upgrade, particularly the JIRA 4.0 Upgrade Guide as JIRA 4.0 introduced significant licensing and technical changes. The complete list of Upgrade Guides is available here: Production Releases.