Bulk editing more than 10000 issues will result in XSRF Security Token Missing

Still need help?

The Atlassian Community is here for you.

Ask the community

This article only applies to the Atlassian server platform. Learn more about the differences between cloud and server.

Bulk editing 10000 issues will cause severe performance degradation if it is not planned cautiously. Please proceed with caution and also make sure you have tested the bulk edit action on a smaller issue count.

To be accurate, it's not 10000 issues:

  • 9996 issues - bulk edit operation works fine.
  • 9997 issues - bulk edit operation will result in XSRF Security Token Missing.

Problem

While it is not recommended to perform a bulk operation for more than 1000 issues - this is to avoid performance issue on a JIRA instance, sometimes we would like to bulk edit or bulk edit issues on a test/development instance.

  1. We can increase the bulk edit issue limit as per the answer in How do you increase the bulk change maximum ?.
  2. Bulk edit operation will hit XSRF Security Token Missing if we edit more than 9997 issues, even after setting the jira.bulk.edit.limit.issue.count to 10000. 

Cause

In Tomcat, the default value for maxParameterCount is 10000. It means Tomcat doesn't take more than 10000 parameters and when we bulk edit more than 9997 issues, the request is losing the token due to the limitation. More information can be found here; Apache Tomcat 8 Configuration Reference.

Resolution

  1. Stop JIRA.
  2. Edit server.xml to make sure the connector has the maxParameterCount configuration, for example: 

    For JIRA Software version 7.12.3 and above:

    <Connector port="8080"
                       maxThreads="150"
                       minSpareThreads="25"
                       connectionTimeout="20000"
                       enableLookups="false"
                       maxHttpHeaderSize="8192"
                       protocol="HTTP/1.1"
                       useBodyEncodingForURI="true"
                       acceptCount="100"
                       disableUploadTimeout="true"
                       relaxedPathChars="[]|" 
                       relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
                       maxParameterCount="10100" />

    For JIRA version lower than 7.12.3:

    <Connector port="8080"
                       maxThreads="150"
                       minSpareThreads="25"
                       connectionTimeout="20000"
                       enableLookups="false"
                       maxHttpHeaderSize="8192"
                       protocol="HTTP/1.1"
                       useBodyEncodingForURI="true"
                       acceptCount="100"
                       disableUploadTimeout="true"
                       maxParameterCount="10100" />

    (info) The trick is to always have maxParameterCount more by 100 of the jira.bulk.edit.limit.issue.count value to prevent any problem.

  3. Start JIRA.


Last modified on Nov 23, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.