Jira Service Management 10.0.x upgrade notes
Below are some important notes on upgrading to Jira Service Management 10.0.x. For details on the new features and improvements in this release, see:
Platform releases allow us to incorporate multiple significant changes (often called “breaking changes”) that aren't compatible with previous versions. These changes establish a strong foundation for more extensive development in future releases.
To increase security and performance, we’ve made changes in our core architecture that require apps to bundle their libraries. We’re collaborating with our Marketplace partners on these changes, however, some apps may not be immediately compatible with the new platform upon release and cause product experience breaks. We recommend that you review your apps before upgrading to avoid service disruptions for your organization.
To check app compatibility, visit Checking app compatibility with application updates or the Atlassian Marketplace to see if your app hosting is compatible with your product version.
- Upgrade notes
- Removal of REST API endpoints
- Removal of the http-builder library
- Groovy 4 upgrade
- Expected downtime due to database upgrade in Jira Software 10.0 and Jira Service Management 6.0
- Removal of internal GraphQL APIs in Assets
- Removal of previously deprecated feature flags
- Breaking changes to the Java API
- Removal of dependencies
- Removal of binary installers
- Application Links compatibility
- Velocity path traversal prevention and allowlisting
- Disabling the runtime JavaServer Pages compilation
- Custom JSPs are blocked unless loaded by an action
- End of support announcements
- App developers
- Upgrade procedure
Upgrade notes
Removal of REST API endpoints
For: ADMINS
We’ve removed the following REST API endpoints in the Jira Service Management 10.0.
Change | Instructions |
---|---|
Removed | Use GET /servicedeskapi/admin/queues/{projectKey} |
Removed
| Use PUT /servicedeskapi/admin/queues/include-count |
Removed PUT /servicedeskapi/queues/{projectKey}/include-count | Use PUT /servicedeskapi/admin/queues/{projectKey}/include-count |
Removed PUT /servicedeskapi/queues/cache-count | Use PUT /servicedeskapi/admin/queues/cache-count |
Removed PUT /servicedeskapi/queues/{projectKey}/cache-count | Use PUT /servicedeskapi/admin/queues/{projectKey}/cache-count |
Removal of the http-builder library
For: ADMINS
We’ve removed the http-library in Jira Service Management 10.0 because it is not being actively maintained. If you are using this library in Groovy scripts, we recommend that you switch to the native Groovy GET and POST methods.
Groovy 4 upgrade
For: ADMINS
We’ve upgraded from Groovy 2 to Groovy 4 in Jira Service Management 10.0 for better security, functionality, and syntax support. If you’ve been using Groovy scripts in Assets, test your existing scripts in a non-production environment to make sure your scripts work properly.
Here’s some of the important breaking changes:
- Changes to the syntax of the
switch
statement. - Changes to the syntax of the
intersect()
method on arrays. - Changes to the resolution of properties of isser/getter.
picocli
package is no longer bundled, use an extra@Grab
instead.ImportCustomizer
is applied once per module (previously it was applied once per class).groovy-jaxb
,groovy-bsf
, andStaticTypeCheckingVisitor#collectAllInterfacesByName
modules are no longer available.- Antlr2 based parse is no longer available (use the new Parrot parser).
- Changes to the formatting of some CLI help messages.
If you run into the following issue with
JsonSlurper
, replaceJsonSlurper
withJackson
ObjectMapper
.java.lang.RuntimeException: Unable to load FastStringService at org.apache.groovy.json.internal.FastStringUtils.getService(FastStringUtils.java:56) ~[?:?] at org.apache.groovy.json.internal.FastStringUtils.toCharArray(FastStringUtils.java:66) ~[?:?] at org.apache.groovy.json.internal.BaseJsonParser.parse(BaseJsonParser.java:114) ~[?:?] at groovy.json.JsonSlurper.parseText(JsonSlurper.java:205) ~[?:?]
The following table lists the changes to the names of classes, packages, and modules.
For the full list of breaking changes, check out:
Class/package/module name | Groovy 2 | Groovy 4 |
---|---|---|
groovy-xml | groovy.util | groovy.xml |
groovy | groovy.xml.QName | groovy.namespace |
groovy-ant | groovy.util | groovy.ant |
groovy-console | groovy.inspect | groovy.console |
| groovy.console.ui | |
groovy.ui.ConsoleApplet | Deprecated | |
groovy-groovysh |
| org.apache.groovy.groovysh |
groovy-jmx |
| groovy.jmx |
groovy-nio |
| org.apache.groovy.nio.extensions.NioExtensions |
| org.apache.groovy.nio.runtime | |
groovy-swing |
| org.apache.groovy.swing.binding |
| groovy.swing.model | |
| org.apache.groovy.swing.table | |
groovy-test |
| org.apache.groovy.test |
groovy.transform.NotYetImplemented | groovy.test.NotYetImplemented | |
groovy.util | groovy.test | |
groovy.lang | groovy.test | |
GroovyClassLoader | Types for sourceCache and classCache have changed from Map to stronger types |
Expected downtime due to database upgrade in Jira Software 10.0 and Jira Service Management 6.0
For: ADMINS
We’re changed the structure of MySQL and Oracle databases in Jira Software 10.0 and Jira Service Management 6.0 to enhance the accuracy of timestamps for operations, down to the millisecond (operations such as creating issues, updating comments, or changing statuses).
If you’re using a MySQL or Oracle database, you’ll notice an additional upgrade downtime as some columns from the jiraissue
, jiraaction
, and changegroup
tables will be migrated during the upgrade. We expect this downtime to be less than 20 minutes if you have fewer than five million issues. Note that the downtime will be proportional to your database performance, size, and the row count in the jiraissue
, jiraaction
, and changegroup
tables.
To get an accurate estimate and plan your upgrade:
Find the row counts by running the following commands in your database:
SELECT COUNT(*) FROM jiraissue; SELECT COUNT(*) FROM jiraaction; SELECT COUNT(*) FROM changegroup;
- Use the following benchmark data provided for Amazon RDS db.m6g.8xlarge and estimate your downtime:
jiraissue
table: approximately 26.527 seconds per million rowsjiraaction
table: approximately 7.592 seconds per million rows- changegroup table: approximately 9.468 seconds per million rows
For example, if you have 5 million, 8 million, and 80 million rows in the jiraissue
, jiraaction
, and changegroup
tables respectively, you can expect a downtime of about 16.65 minutes.
Removal of internal GraphQL APIs in Assets
For: ADMINS
We have removed the internal Assets GraphQL APIs to enhance security, establish consistent API patterns across Jira Service Management and Assets, and to clean up our code base. We’ve migrated the APIs that are used to configure Assets icons to new internal REST endpoints.
We’ll be removing the following:
- GraphQL endpoint
/insight/graphql
GraphQL queries:
Query name Description findObjectSchemas
Find object schemas for provided filter. If no filter is provided, all object schemas will be returned.
objectSchema
Get an object schema by its ID
findObjectTypes
Find object types for provided filter. If no filter is provided, all object types will be returned.
findObjectTypeRelations
Find related object types
objectType
Get an object type by its ID
icon
Get an icon by its ID
globalIconTheme
Get the global icon theme
findObjects
Find objects for provided filter. If no filter is provided, all objects will be returned.
findObjectReferences
Find inbound and outbound references for the given object
findStatusTypes
Find status types for provided the filter. If no filter is provided, all object status types will be returned.
findReferenceTypes
Find reference types for the provided filter
object
Get an object by its ID
findObjectTypeAttributes
Find object type attributes for provided filter. If no filter is provided, all object type attributes will be returned.
objectTypeAttribute
Get an object type attribute by its ID
findUniqueObjectAttributeValues
Find unique object attribute values for a given object type attribute
GraphQL mutations:
Mutation name Description createObjectSchema
Create a new object schema
updateObjectSchema
Update an existing object schema's name or description
copyObjectSchema
Copy an existing object schema
deleteObjectSchema
Delete an existing object schema
createObjectType
Create a new object type
updateObjectType
Update an existing object type
updateObjectTypePosition
Change the position of an object type in the object types structure
copyObjectType
Copy an existing object type
deleteObjectType
Delete an existing object type
createObject
Create a new object
updateObject
Update an existing object
deleteObject
Delete an existing object
createObjectTypeAttribute
Create a new object type attribute
updateObjectTypeAttribute
Update an existing object type attribute
configureObjectTypeAttribute
Change configuration of the object type attribute
updateObjectTypeAttributePosition
Change the position of an object type attribute in attribute list
deleteObjectTypeAttribute
Delete an existing object type attribute
createIcon
Create new icon
updateIcon
Update an existing icon
deleteIcon
Delete an existing icon
configureGlobalIconTheme
Configure the global icon theme
resetGlobalIconTheme
Reset the global icon theme to its default configuration
Removal of previously deprecated feature flags
In this release, we’ve removed the following feature flags:
com.atlassian.jira.agile.darkfeature.burnupchart
optimistic.transitions
com.atlassian.jira.advanced.audit.log
velocity.chart.ui
jira.quick.search
com.atlassian.jira.custom.csv.escaper
atlassian.cdn.static.assets
jira.users.and.roles.page.in.react
All features previously hidden behind those feature flags were enabled by default.
Breaking changes to the Java API
In this release, we've removed several deprecated methods and classes. Additionally, we’ve made adjustments to a group of methods which involved modifying the signatures and return types.
Removal of dependencies
In this release, we’ve removed access to a number of dependencies.
Removal of binary installers
Starting from Jira 10.0, the .bin
and .exe
installers will no longer be available. You can still install Jira using the .zip
and .tar.gz
distributions.
Because of this change, Java is no longer bundled with Jira. Install Java manually
Application Links compatibility
Starting from Jira 10.0, Application Links are only backward-compatible with products that have integrated a particular bug fix addressing incorrect Application Links version parsing. To enable Application Links to function properly, make sure to upgrade any other Atlassian products to a minimum supported version:
Jira Software | Jira Service Management | Confluence | Bitbucket | Bamboo | Crowd | Fisheye and Crucible |
---|---|---|---|---|---|---|
|
|
|
|
|
|
|
Velocity path traversal prevention and allowlisting
We've upgraded Velocity to the Atlassian fork to implement path traversal prevention and allowlisting. The path traversal mechanism will escape any method call which contains parameter with path traversal symbols like ../
. The method call will appear as a string on the front-end side.
Velocity template method invocations are now restricted to an allowlist. Unauthorized invocations will trigger a log warning and will be blocked to mitigate Server-Side Template Injection (SSTI) vulnerabilities. The global method allowlists encompass JDK and Atlassian class methods. Apps have the option to define their own allowlist using the module descriptor which will complement the global allowlist. We recommend that apps only expose immutable Data Transfer Objects (DTOs) and refrain from invoking application services or beans from templates.
Furthermore, all Velocity template files residing on the file system must be both allowlisted and of an allowlisted file type. This serves as a basic defense against attacks that combine file system access with a request to achieve remote code execution.
For now, the Velocity method allowlist is in debug mode so that app developers can adjust to this mechanism and for us to complete the main allowlist and minimize the risk of issues. The debug mode will be disabled at the earliest in the upcoming LTS.
Disabling the runtime JavaServer Pages compilation
JavaServer Pages (JSP) runtime compilation will be disabled in Jira Software 10.0. JSP files added to the Tomcat directory that aren't shipped with the product won’t be served. Furthermore, no modifications to the JSP files will be reflected. We recommend using Soy or Velocity templates instead.
Custom JSPs are blocked unless loaded by an action
We’ve blocked direct requests to JSP files. JSP files can now be only loaded when requested by an action.
End of support announcements
We’ve removed support for:
.bin
and.exe
binary installers- H2 database engine
- Java 8
- Java 11
We’ve unbundled:
Java (due to the binary installers removal)
For the list of supported platforms, check Supported platforms.
For previous announcements, see End of support announcements.
App developers
For any important changes regarding apps, check out the Jira changelog.
FAQ for app developers
Based on your feedback from the Developer Community announcement of Jira 10.0, we’ve prepared a list of frequently asked questions.
Upgrade procedure
To help you upgrade to the latest and greatest:
- See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
- For a more tailored upgrade, go to Jira administration > Applications > Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.