Jira Software 9.0.x upgrade notes

Older

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Here are some important notes on upgrading to Jira Software 9.0.x.

Upgrading from 8.x to 9.x triggers full Jira reindex that causes some downtime during the process. If you’re on 8.x now, make sure you’ve estimated the downtime and set the best time for the upgrade.

Learn more about how to handle full reindex and estimate downtime

 Upgrade notes

Improved indexation for issue-related entities

To improve Jira performance, we've introduced a limit on the number of issue-related entities that will be indexed after the full issue reindex is triggered. By default, Jira will now index only 1000 newest comments, changehistory items, and worklogs. This value can be changed for each entity via a system property.

For more information about the feature and default limitations, see Safeguards in Jira DC index

Security fixes for API endpoints

As mentioned in the release notes, we’ve restricted anonymous access to multiple API endpoints to fix security vulnerabilities. You’ll still be able to enable anonymous access for listed endpoints on Jira 9.0 and some later versions. However, this capability will be fully disabled in the upcoming LTS release. 

The following table lists all the restricted enpoints and features the scope of changes. 

EndpointWhat changedFeature flag
/rest/api/2/field

Anonymous access is blocked only when there are no projects available for anonymous users.

com.atlassian.jira.security.endpoint.non.browse.projects.access.fields

/rest/api/2/issueLinkType

Anonymous access is disabled completely.com.atlassian.jira.security.endpoint.anonymous.access.issueLinkType
/rest/api/2/jql/autocompletedata/Anonymous access is blocked only when there are no projects available for anonymous users.com.atlassian.jira.security.endpoint.non.browse.projects.access.autocompletedata

/rest/api/2/priority

Anonymous access is blocked only when there are no projects available for anonymous users. com.atlassian.jira.security.endpoint.anonymous.access.priority
/rest/api/2/projectCategoryAnonymous access is disabled completely.com.atlassian.jira.security.endpoint.anonymous.access.projectCategory
/rest/api/2/resolution

Anonymous access is blocked only when there are no projects available for anonymous users.

com.atlassian.jira.security.endpoint.anonymous.access.resolution
/rest/api/2/screensOnly admins have access to this endpoint.com.atlassian.jira.security.endpoint.non.admin.access.screens
/rest/api/latest/avatar/project/systemAnonymous access is disabled completely.com.atlassian.jira.security.endpoint.non.admin.access.avatar.system

Some project categories, status categories, issue link types, priorities, and resolutions may be accessible to anonymous users even if anonymous access is disabled. To restrict anonymous access to endpoints on Jira 9.0, you need to restrict all public facing content as described in Control anonymous user access.

  End of support announcements

This release does not include any end of support announcements. For the list of supported platforms, see Supported platforms.

 App developers

See Preparing for Jira 9.0 for any important changes regarding apps.

 Upgrade procedure

Upgrading from a Jira version 9.x.x? 

  • See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps. 

  • For a more tailored upgrade, go to Jira administration > Applications > Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.
Last modified on Oct 24, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.