Jira Software 10.3.x upgrade notes

Jira Software release notes

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Here are some important notes on upgrading to Jira Software 10.3.x Long Term Support.

Skip to

Upgrade notes

Jira Software 10.3.x is a Long Term Support (LTS) release. Normally, we don’t introduce new features in LTS releases but rather consolidate the ones we’ve introduced since the last LTS release (Jira 9.12.0).

The summary has been divided into sections that group the changes by severity and type:

Breaking changes

Learn about what you need to keep an eye on to avoid outages or disruptions. The entries in this section are organized chronologically from newest to oldest.

Jira 10.2: New login experience with two-step verification

To improve the security of the Jira login experience, we’ve added a second authentication layer. If you experience any issues with the new login process, you can switch to the legacy login experience by setting the JVM system property atlassian.authentication.legacy.mode to true.

Jira 10.2: Keep the database password secure in the secret storage

We're now using the secret storage to secure the database password. After the upgrade, or during the zero-downtime upgrade (ZDU), we'll read the password from the dbconfig.xml file, encrypt it, store it in the secret storage and replace the password in the dbconfig.xml file with the placeholder: {ATL_SECURED}.

Jira 10.1: Share usage data

We’ve introduced a new way of sharing instance usage data with us. Now, the Analytics feature is called Usage data sharing and gives you more control of what you share with us.

Jira 10.0: Front-end API changes

This release brought an improved and updated Code sharing section of the Jira Data Center front-end API. We’ve introduced the following changes:

  • Inclusion of Jira-specific API modules, such as requested Jira Events.
  • Extensions and updates to common libraries.
  • Introduction to particular versioning of common libraries and alias module type.
  • Annotations to modules on the UPM level and better descriptions in the code.

Jira 10.0: Removal of previously deprecated feature flags

We’ve removed the following feature flags:

  • com.atlassian.jira.agile.darkfeature.burnupchart
  • optimistic.transitions
  • com.atlassian.jira.advanced.audit.log
  • velocity.chart.ui
  • jira.quick.search
  • com.atlassian.jira.custom.csv.escaper
  • atlassian.cdn.static.assets
  • jira.users.and.roles.page.in.react

All features previously hidden behind those feature flags were enabled by default.

Jira 10.0: Breaking changes to the Java API

We've removed several deprecated methods and classes. Additionally, we’ve made adjustments to a group of methods which involved modifying the signatures and return types. Check out the full list of changes

Jira 10.0: Breaking changes to the REST API

We’ve removed a set of REST API endpoints that have been deprecated since Jira Software 9.x. Check out the full list of changes

Jira 10.0: Removal of dependencies

We’ve removed access to a number of dependencies. Check out the full list of changes

Jira 10.0: Removal of binary installers

Binary installers are available again for Jira 10.3 LTS and its bug fixes only.

Starting from Jira 10.0, the .bin and .exe installers will no longer be available. You can still install Jira using the .zip and .tar.gz distributions.

Because of this change, Java is no longer bundled with Jira. Install Java manually

Jira 10.0: Updates to database schema

We’ve updated the created column in the changegroup, jiraissue, and jiraaction tables to support millisecond precision. This change affects Oracle and MySQL databases only. No action is required—the schema will be automatically migrated upon restart.

Jira 10.0: End of support for the H2 database engine

We’ve removed support for the H2 database and the H2 library itself from Jira’s distribution. To resolve several security vulnerabilities, the JDBC driver for the H2 database engine won’t be bundled with Jira anymore. Additionally, you’ll no longer be able to evaluate Jira 10.0 using the H2 embedded database.

Jira 10.0: Introducing JDK 17, end of support for Java 8 and 11

Binary installers are available again for Jira 10.3 LTS and its bug fixes only.

Jira 10.0 has been recompiled in JDK 17 with the Java 16 language level. This means that from now on you won’t be able to run Jira in lower Java versions (8 and 11).

Because of the removal of binary installers, Java is no longer bundled with Jira. Install Java manually

Jira 9.17 has support for Client Credential Grant Flow (CCGF) as a new outgoing OAuth 2.0 integration type for email authorization. As opposed to the Authorization Code Grant, CCGF doesn’t require the user to manually authenticate and approve application-to-application connections, making it more suitable for situations where direct user interaction isn’t feasible.

Jira 9.16: Store backups securely in S3 object storage

If you’re running your Jira Data Center instance in AWS, you can now securely store backups in Amazon S3 object storage away from your application’s local filesystem.

Jira 9.15: New location of the backup export directory

As of Jira Software 9.15.0, the default backup export directory has been changed from <jira-home-dir>/export to <jira-home-dir>/export/backups, where <jira-home-dir> is your Jira [shared] home directory. The export directory is now a general purpose directory used by data pipelines and support zips.

Jira 9.15: Restrict file extensions that can be uploaded to your Jira

To protect your Jira instance and your organization’s infrastructure from potential malware, admins can now restrict unwanted file extensions from being uploaded through issues. To restrict specific file formats, you just need to create a blocklist or an allowlist of file extensions that must be blocked or allowed, respectively.

Jira 9.15: Tightening security with a websudo allowlist

To add an extra layer of security to websudo operations, you can configure and enable your own IP address/subnet allowlist for Jira. This means that certain superuser operations can only be performed from pre-approved IP addresses.

Jira 9.15: Confluence Page Viewer replaces the Confluence Page Gadget

We’ve replaced the old and popular Confluence Page Gadget with the new Confluence Page Viewer. The new gadget is built on top of a modern and secure technology stack and comes with several UI improvements for a better overall experience. And just like with the old one, you can use the Confluence Page Viewer to embed a page from a linked Confluence Data Center site on your Jira dashboard.

Jira 9.14: Installing apps with the Universal Plugin Manager

The Universal Plugin Manager (UPM) allows installing Atlassian and third-party apps on Jira and the other Data Center products in three ways:

  • With the Upload app button on the Manage apps page, where you provide a URL to the app or upload a file with the app.
  • With the REST API (/rest/plugins).
  • With the Install button on the Find new apps page.

Jira 9.13: Always view the oldest or newest displayed comments first

Jira now remembers your preferred comment sorting order. Once you select how you’d like to see issue comments — newest or oldest first — the rest will be sorted in the same way.

Jira 9.13: Secure a database password by storing it in HashiCorp Vault

Secure your passwords by storing them in HashiCorp Vault. Admins can now enable the SecretStore implementation to read a database password from a Vault instance. This is an alternative, more secure option for storing database passwords as plaintext in an XML file.

Changes introduced in this release

Dark theme is officially here

Some time ago, we partially implemented dark theme with some unsupported areas. Now, you can enjoy the new experience for enhanced content readability and visual harmony across work environments! This also means better visuals and less eye strain. Try it now: go to your Profile, then Theme, and select Light, Dark, or Match system.

Just one last milestone left—we’re actively working on making the Plans view available in dark theme. Stay tuned!

Light theme becomes the new default

In Jira 10.3, the light theme takes over as the default, replacing the now deprecated original theme. This means that the default Look and Feel configuration in Jira is aligned with the light theme. We recommend adopting the light theme as the original theme won’t be supported anymore.

Binary installers available for this release

We’ve decided to bring back binary installers for the Jira 10.3 release and its following bug fix releases. We’re still investigating the upgrade processes and working towards better support of the manual upgrade path, so this decision only applies to the Jira 10.3 LTS. The following feature releases (for example 10.4 and 10.5) won't include installers.

Ignore warnings from Atlassian Package Scanner

Atlassian Package Scanner verifies if there are no .jar files providing the same package, potentially with a different version. After you upgrade to Jira Software Data Center 10.3 or Jira Service Management Data Center 10.3, Atlassian Package Scanner will notify you about packages with the same content provided by different .jar files.

This is due to Embedded Crowd still migrating to the new version of the platform and still using password-cipher, while Jira has already moved to atlassian-secrets but still has to provide password-cipher for backwards compatibility. atlassian-secrets embeds password-cipher, which is why Atlassian Package Scanner notices them, but since the content is the same, the following warnings may be safely ignored (note the duplicated lines—those appear because the .jar files are placed both in /lib and atlassian-jira/WEB-INF/lib):

JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-api-5.0.4.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-api-1.4.0.jar and atlassian-secrets-api-5.0.4.jar

Note that the full warning comes with the details about the exact location of the scanned files:

2024-10-17 09:31:28,389+0000 JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar '/tmp/jira/lib/atlassian-secrets-api-5.0.4.jar' '/tmp/jira/lib/password-cipher-base-1.4.0.jar'

Improvements, fixes, and non-breaking changes

Get a glimpse of all the improvements, fixes, and non-breaking changes added to each release leading up to Jira 10.3. The table is divided into rows by release. Every row contains a link to the relevant upgrade notes where you can learn the details.

Version

Improvements, fixes, and non-breaking changes

Upgrade notes

10.2

  • New login experience with two-step verification
  • Keep the database password secure in the secret storageR
  • Ignore warnings from Atlassian Package Scanner

Jira Software 10.2 upgrade notes

10.1

No important changes.

Jira Software 10.1 upgrade notes

10.0

  • Front-end API changes
  • OpenAPI standard for REST API documentation
  • Removal of previously deprecated feature flags
  • Breaking changes to the Java API
  • Breaking changes to the REST API
  • Removal of dependencies
  • Removal of binary installers

Binary installers are available again for Jira 10.3 LTS and its bug fixes only.

  • Jira Software and Jira Core dialogs migrated to AUI Dialog 2
  • Application Links compatibility
  • Velocity path traversal prevention and allowlisting
  • Updates to database schema
  • Removal of the jira-func-tests-legacy module
  • Disabling the runtime JavaServer Pages compilation
  • Custom JSPs are blocked unless loaded by an action
  • Unbundling of atlassian-frontend-runtime-plugin
  • Deprecation of jquery-migrate 1.x
  • Centralized dependency management
  • Expected downtime due to database upgrade in Jira Software 10.0 and Jira Service Management 10.0
  • End of support for the H2 database engine

Jira Software 10.0 upgrade notes

9.17

No important changes.

Jira Software 9.17 upgrade notes


9.16

No important changes.

Jira Software 9.16 upgrade notes

9.15

  • New location of the backup export directory
  • Amazon S3 storage configuration updates

Jira Software 9.15 upgrade notes

9.14

  • Archiving issues with Jira Automation
  • Installing apps with the Universal Plugin Manager
  • The ATST app upgraded to 1.54.0 with a new health check
  • End of support of Oracle 12c R2, Amazon Aurora on PostgreSQL 10 and 11

Jira Software 9.14 upgrade notes

9.13

  • Choosing the default comment order
  • Bulk issue description editing
  • Adding watchers while creating issues
  • Securing a database password by storing it in HashiCorp Vault

Jira Software 9.13 upgrade notes

Changes to supported platforms

See what changes have been made to supported platforms since the last Jira LTS release:

End of support

We've removed support for:

  • Oracle 12c R2
  • Amazon Aurora on PostgreSQL 10
  • Amazon Aurora on PostgreSQL 11
  • H2 database engine
  • Java 8
  • Java 11
  • .bin and .exe binary installers

Binary installers are available again for Jira 10.3 LTS and its bug fixes only.

We’ve unbundled:

  • Java (due to the binary installers removal)

Binary installers are available again for Jira 10.3 LTS only.

Confirmed support

We’ve confirmed support for:

  • Azure PostgreSQL Flexible Server for one primary node only

Known issues

This section contains information about any issues that we’ve discovered in our testing. We’re constantly keeping an eye out and if we find anything, we’ll let you know right here.

Jira logs many "Dangerous use of multiple connections" warnings on startup

Jira will log multiple "Dangerous use of multiple connections" warning messages on startup.
The stack trace indicates that this behavior happens while reading application properties, which was refactored in Jira 9.15.0. Learn more

Selecting image in Add priority dialog throws an error in console

Workaround

Proceed to create a new priority with a sample of Icon URL, for example:

images/icons/priorities/trivial.png

Once the priority has been created, edit and select image to bring up the pop-up window. Learn more

 Upgrade procedure

Upgrading from Jira version 9.x.x? 

  • See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps. 
  • For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

 App developers

See Preparing for Jira 10.3 for any important changes regarding apps.

Last modified on Dec 6, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.