Jira Service Management 5.15.x release notes

Jira Service Management Release Notes

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

More

Read the Jira Service Management 5.15.x upgrade notes for important details about this release and see the full list of issues resolved.

Compatible applications

If you're looking for compatible Jira applications, look no further:

Jira Service Management 5.15.0 and 5.15.1 are affected by a bug, which causes random values to appear in the Assets custom field. We're working on fixing this issue in an upcoming bufgix release. More information about this issue is available under the following link:

JSDSERVER-15255 - Getting issue details... STATUS

Archive unused Assets objects

For: ADMINS

Declutter your instance and improve the performance of object searches by archiving the assets you no longer need. Previously, you had to permanently delete objects when your available index memory was low to make room for new objects. Now, you can archive objects instead. If you accidentally archive any objects, you can always restore them. Learn more about archiving objects

To archive an object:

  1. Log in as an Assets Manager, Assets Administrator, or a Jira admin.
  2. Navigate to an object and then from the More options menu, select Archive.

If you’ve unintentionally archive an object and want to restore it:

  1. From the top navigation bar, select Assets then Archived objects.
  2. Use the filters to search for the object and select Restore.


Archiving objects reduces the amount of memory used, allowing more objects to be stored without the need for additional instance memory.

For example, archiving 30% of the objects in an instance will:

  • reduce memory usage by ~30%
  • speed up operations that act on all objects by 30%, for example performing a re-index or opening the Object Schemas list page.

Archived objects do not count towards the Assets Objects limits in guardrails.


An object is being archived and restored from the Archived Objects page

Improvements to modal dialogs in Assets

For: EVERYONE

We improved the user experience of modal dialogs and addressed several accessibility issues by upgrading the Atlassian User Interface (AUI) dialog from AUI Dialog1 to AUI Dialog2 in Assets.

Changes to Security Bug Fix Policy

For: EVERYONE

We are updating the Atlassian Security Bug Fix Policy. Changes will take effect across all Data Center products on March 15, 2024.

What’s changing?

Previously, we delivered bug fix releases for any supported Long Term Support release in accordance with the Atlassian Support End-of-Life Policy, and for all product versions that are no older than 6 months.

With our new policy, we will continue to deliver a bug fix release for any supported Long Term Support release in accordance with the Atlassian Support End-of-Life Policy, but we are updating our policy to only support the most recently shipped feature release.

In the event of a critical vulnerability, we will take all of the following steps:

  1. Ship a bug fix for the latest feature release of the product affected by the vulnerability.

  2. Ship a new feature release for the affected product according to the release schedule.

  3. Ship a bug fix release for all supported Long Term Support releases of the affected product, adhering to the Atlassian Support End of Life Policy.

We aim to develop the most effective methods for enhancing the security of our software and delivering updates faster and more frequently. When considering an upgrade, you can be sure that the latest feature release is the most secure and stable product version as it contains the most up-to-date security fixes and feature enhancements.

If you have any concerns or if you require clarification on any aspect of the updated bug fix policy, please do not hesitate to reach out to our support team.

ADVANCE NOTICE Transition from http-builder library to native Groovy GET and POST

For: ADMINS

We are planning to remove the http-library in Jira Service Management 10.0 because it is not being actively maintained. If you are using this library in Groovy scripts, we recommend that you switch to the native Groovy GET and POST methods.

ADVANCE NOTICE Groovy 4 upgrade

For: ADMINS

We’re planning to upgrade from Groovy 2 to Groovy 4 in Jira Service Management 10.0 for better security, functionality, and syntax support. If you’ve been using Groovy scripts in Assets, test your existing scripts in the EAP release of Jira Service Management 10.0 or the Groovy 4 console to make sure your scripts work properly.

Here’s some of the important breaking changes:

  • Changes to the syntax of the switch statement.
  • Changes to the syntax of the intersect() method on arrays.
  • Changes to the resolution of properties of isser/getter.
  • picocli package is no longer bundled, use an extra @Grab instead.
  • ImportCustomizer is applied once per module (previously it was applied once per class).
  • groovy-jaxb, groovy-bsf, and StaticTypeCheckingVisitor#collectAllInterfacesByName modules are no longer available.
  • Antlr2 based parse is no longer available (use the new Parrot parser).
  • Changes to the formatting of some CLI help messages.
  • If you run into the following issue with JsonSlurper, replace JsonSlurper with Jackson ObjectMapper.

    java.lang.RuntimeException: Unable to load FastStringService
    	at org.apache.groovy.json.internal.FastStringUtils.getService(FastStringUtils.java:56) ~[?:?]
    	at org.apache.groovy.json.internal.FastStringUtils.toCharArray(FastStringUtils.java:66) ~[?:?]
    	at org.apache.groovy.json.internal.BaseJsonParser.parse(BaseJsonParser.java:114) ~[?:?]
    	at groovy.json.JsonSlurper.parseText(JsonSlurper.java:205) ~[?:?]
  • The following table lists the changes to the names of classes, packages, and modules:

    Class/package/module nameGroovy 2Groovy 4
    groovy-xmlgroovy.utilgroovy.xml
    groovygroovy.xml.QNamegroovy.namespace
    groovy-antgroovy.utilgroovy.ant
    groovy-consolegroovy.inspectgroovy.console

    groovy.inpsect.swingui

    groovy.ui

    groovy.console.ui
    groovy.ui.ConsoleAppletDeprecated
    groovy-groovysh

    org.codehaus.groovy.tools.shell

    org.apache.groovy.groovysh
    groovy-jmx

    groovy.util.GroovyMBean

    groovy.jmx
    groovy-nio

    org.codehaus.groovy.runtime.NioGroovyMethods

    org.apache.groovy.nio.extensions.NioExtensions

    org.codehaus.groovy.runtime.WritablePath

    org.apache.groovy.nio.runtime
    groovy-swing

    org.codehaus.groovy.binding

    org.apache.groovy.swing.binding

    groovy.model

    groovy.swing.model

    groovy.inspect.swingui

    org.apache.groovy.swing.table
    groovy-test

    org.codehaus.groovy.runtime.ScriptTestAdapter

    org.apache.groovy.test
    groovy.transform.NotYetImplementedgroovy.test.NotYetImplemented
    groovy.utilgroovy.test
    groovy.langgroovy.test
    GroovyClassLoaderTypes for sourceCache and classCache have changed from Map to stronger types

For the full list of breaking changes, check out:

ADVANCE NOTICE Expected downtime due to database upgrade in Jira Software 10.0 and Jira Service Management 10.0

For: ADMINS

We’re planning to change the structure of MySQL and Oracle databases in Jira Software 10.0 and Jira Service Management 10.0 to enhance the accuracy of timestamps for operations, down to the millisecond (operations such as creating issues, updating comments, or changing statuses).

If you’re using a MySQL or Oracle database, you’ll notice an additional upgrade downtime as some columns from the jiraissue, jiraaction, and changegroup tables will be migrated during the upgrade. We expect this downtime to be less than 20 minutes if you have fewer than five million issues. Note that the downtime will be proportional to your database performance, size, and the row count in the jiraissue, jiraaction, and changegroup tables.

To get an accurate estimate and plan your upgrade:

  1. Find the row counts by running the following commands in your database:

    SELECT COUNT(*) FROM jiraissue;
    SELECT COUNT(*) FROM jiraaction;
    SELECT COUNT(*) FROM changegroup;
  2. Use the following benchmark data provided for Amazon RDS db.m6g.8xlarge and estimate your downtime:
    1. jiraissue table: approximately 26.527 seconds per million rows
    2. jiraaction table: approximately 7.592 seconds per million rows
    3. changegroup table: approximately 9.468 seconds per million rows

For example, if you have 5 million, 8 million, and 80 million rows in the jiraissue, jiraaction, and changegroup tables respectively, you can expect a downtime of about 16.65 minutes.


ADVANCE NOTICE Removal of internal GraphQL APIs in Assets

For: ADMINS

In Jira Service Management 10.0, we are planning to remove the internal Assets GraphQL APIs to enhance security, establish consistent API patterns across Jira Service Management and Assets, and to clean up our code base. We will migrate the APIs that are used to configure Assets icons to new internal REST endpoints.

We’ll be removing the following:

  • GraphQL endpoint /insight/graphql
  • GraphQL queries:

    Query nameDescription

    findObjectSchemas

    Find object schemas for provided filter. If no filter is provided, all object schemas will be returned.

    objectSchema

    Get an object schema by its ID

    findObjectTypes

    Find object types for provided filter. If no filter is provided, all object types will be returned.

    findObjectTypeRelations

    Find related object types

    objectType

    Get an object type by its ID

    icon

    Get an icon by its ID

    globalIconTheme

    Get the global icon theme

    findObjects

    Find objects for provided filter. If no filter is provided, all objects will be returned.

    findObjectReferences

    Find inbound and outbound references for the given object

    findStatusTypes

    Find status types for provided the filter. If no filter is provided, all object status types will be returned.

    findReferenceTypes

    Find reference types for the provided filter

    object

    Get an object by its ID

    findObjectTypeAttributes

    Find object type attributes for provided filter. If no filter is provided, all object type attributes will be returned.

    objectTypeAttribute

    Get an object type attribute by its ID

    findUniqueObjectAttributeValues

    Find unique object attribute values for a given object type attribute

  • GraphQL mutations:

    Mutation nameDescription

    createObjectSchema

    Create a new object schema

    updateObjectSchema

    Update an existing object schema's name or description

    copyObjectSchema

    Copy an existing object schema

    deleteObjectSchema

    Delete an existing object schema

    createObjectType

    Create a new object type

    updateObjectType

    Update an existing object type

    updateObjectTypePosition

    Change the position of an object type in the object types structure

    copyObjectType

    Copy an existing object type

    deleteObjectType

    Delete an existing object type

    createObject

    Create a new object

    updateObject

    Update an existing object

    deleteObject

    Delete an existing object

    createObjectTypeAttribute

    Create a new object type attribute

    updateObjectTypeAttribute

    Update an existing object type attribute

    configureObjectTypeAttribute

    Change configuration of the object type attribute

    updateObjectTypeAttributePosition

    Change the position of an object type attribute in attribute list

    deleteObjectTypeAttribute

    Delete an existing object type attribute

    createIcon

    Create new icon

    updateIcon

    Update an existing icon

    deleteIcon

    Delete an existing icon

    configureGlobalIconTheme

    Configure the global icon theme

    resetGlobalIconTheme

    Reset the global icon theme to its default configuration

The following features live in the Jira platform, which means it's available for Jira Software and Jira Service Management.

Restrict file extensions that can be uploaded to your Jira

Grab one more security feature out of the box! To protect your Jira instance and your organization’s infrastructure from potential malware, admins can now restrict unwanted file extensions from being uploaded through issues. To restrict specific file formats, you just need to create a blocklist or an allowlist of file extensions that must be blocked or allowed, respectively.

How to restrict file extensions

Tightening access with a websudo allowlist

To add an extra layer of security to websudo operations, you can configure and enable your own IP address/subnet allowlist for Jira. This means that certain superuser operations can only be performed from pre-approved IP addresses.

How to create a websudo allowlist

Confluence Page Viewer replaces the Confluence Page Gadget

In this release, we’re replacing the old and popular Confluence Page Gadget with the new Confluence Page Viewer. The new gadget is built on top of a modern and secure technology stack and comes with several UI improvements for a better overall experience. And just like with the old one, you can use the Confluence Page Viewer to embed a page from a linked Confluence Data Center site on your Jira dashboard.

About gadgets for Jira applications

The new Confluence Page Viewer

Introducing the Software Bill of Materials (SBOMs) in Jira Software and Jira Service Management

Continuing our commitment to providing the most secure products for our customers, we’re introducing Software Bill of Materials (SBOMs) for Jira Service Management. 

More information

What is SBOM and why are we adding them?

SBOM is a detailed list or inventory of all the components in a piece of software. These components can include open-source software, proprietary code, libraries, frameworks, and other elements used in the software. 

SBOM is essential for ensuring compliance with different regulations and standards; for example, the United States Executive Order on Improving the Nation's Cybersecurity, the European Union NIS 2 Directive and Cyber Resilience Act. It enhances transparency and facilitates a deeper understanding of software components, their versions, dependencies, and updates to their security vulnerabilities.

Furthermore, SBOM can help app developers and admins identify potential security risks, manage licenses, and maintain software more effectively. For example, if a vulnerability is discovered in a specific open-source component, anyone with access to SBOM can quickly check if their software is affected.

How SBOM is generated

We use Syft, an open-source tool, to automatically generate SBOM files during the product build process.  Syft scans the code, identifies dependencies, and compiles a JSON file with the results. Syft supports various SBOM formats, with CycloneDX being Atlassian's current choice due to its popularity. 

Where to find SBOM

To locate the SBOM, go to the sbom/ folder in the installation directory of your Atlassian product and search for a file named with either of the following patterns: <product_name>-<version>-cyclonedx-sbom.json or <product_name>-<version>-sbom.cdx.json

Check an example for Jira Software 9.15:

atlassian-jira-software-9.15-cyclonedx-sbom.json

Important to know

Due to the complex, plugin- and component-based architecture of our product suite, we are gradually revealing all front-end dependencies. Our current SBOMs cover a portion of these dependencies.

Resolved issues

Last modified on Jul 25, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.