Jira Software 9.0.x upgrade notes
Here are some important notes on upgrading to Jira Software 9.0.x.
Upgrading from 8.x to 9.x triggers full Jira reindex that causes some downtime during the process. If you’re on 8.x now, make sure you’ve estimated the downtime and set the best time for the upgrade.
Learn more about how to handle full reindex and estimate downtime
Upgrade notes
Improved indexation for issue-related entities
To improve Jira performance, we've introduced a limit on the number of issue-related entities that will be indexed after the full issue reindex is triggered. By default, Jira will now index only 1000 newest comments, changehistory items, and worklogs. This value can be changed for each entity via a system property.
For more information about the feature and default limitations, see Safeguards in Jira DC index.
Security fixes for API endpoints
As mentioned in the release notes, we’ve restricted anonymous access to multiple API endpoints to fix security vulnerabilities. You’ll still be able to enable anonymous access for listed endpoints on Jira 9.0 and some later versions. However, this capability will be fully disabled in the upcoming LTS release.
The following table lists all the restricted enpoints and features the scope of changes.
Endpoint | What changed | Feature flag |
---|---|---|
/rest/api/2/field | Anonymous access is blocked only when there are no projects available for anonymous users. | com.atlassian.jira.security.endpoint.non.browse.projects.access.fields |
| Anonymous access is disabled completely. | com.atlassian.jira.security.endpoint.anonymous.access.issueLinkType |
/rest/api/2/jql/autocompletedata/ | Anonymous access is blocked only when there are no projects available for anonymous users. | com.atlassian.jira.security.endpoint.non.browse.projects.access.autocompletedata |
| Anonymous access is blocked only when there are no projects available for anonymous users. | com.atlassian.jira.security.endpoint.anonymous.access.priority |
/rest/api/2/projectCategory | Anonymous access is disabled completely. | com.atlassian.jira.security.endpoint.anonymous.access.projectCategory |
/rest/api/2/resolution | Anonymous access is blocked only when there are no projects available for anonymous users. | com.atlassian.jira.security.endpoint.anonymous.access.resolution |
/rest/api/2/screens | Only admins have access to this endpoint. | com.atlassian.jira.security.endpoint.non.admin.access.screens |
/rest/api/latest/avatar/project/system | Anonymous access is disabled completely. | com.atlassian.jira.security.endpoint.non.admin.access.avatar.system |
Some project categories, status categories, issue link types, priorities, and resolutions may be accessible to anonymous users even if anonymous access is disabled. To restrict anonymous access to endpoints on Jira 9.0, you need to restrict all public facing content as described in Control anonymous user access.
End of support announcements
This release does not include any end of support announcements. For the list of supported platforms, see Supported platforms.
App developers
See Preparing for Jira 9.0 for any important changes regarding apps.
Upgrade procedure
Upgrading from a Jira version 9.x.x?
- See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
- For a more tailored upgrade, go to Jira administration > Applications > Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.