Happy new year everyone! And welcome to the December 2019 edition of our monthly recurring blog post covering the highlights of Atlassian Server and Data Center product updates. For each product, we cover a selection of the most exciting new features, bug fixes and security advisories that were released in the last month.
In this month’s edition we give a quick wrap up of the most exciting things that were released in 2019 and we’ll, of course, cover the release highlights for each product for December 2019.
As TMC ALM, we provide services for keeping your products up-to-date. We have a lot of experience with upgrading Atlassian environments safely and securely. Your data and business continuation has our top priority! When looking at Atlassian from a Platinum partner perspective we notice a significant trend at Atlassian. Although this is a monthly release update, when we zoom out and look at Atlassian (feature) development, in general, we see that the main focus is at data center and the cloud. To learn more about what this trend or the new releases mean for you and your organisation, please check out our services page or contact us.
So what was 2019’s biggest highlight in the Atlassian Server and Data Center department? If you ask us, it was the Jira 8 platform release which boosted Jira’s performance significantly. Later Jira 8 feature releases added some new cool features as well like flexible boards, component archiving, the Jira mobile app, CDN and issue archiving for Data Center, batched e-mail notifications, new user management screen in project settings and a new portal experience for Jira Service Desk.
Confluence 7 didn’t bring us significant changes as most of the new features were already introduced in the latest Confluence 6 feature releases at the beginning of 2019. Think of the new search UI and the editor upgrade. What was noticeable though, were the number of security advisories published for Confluence in 2019. If you didn’t upgrade Confluence at all in 2019, please do so as soon as possible!
Bitbucket also received a bunch of cool new features like the built-in announcement banner, slack integration, code suggestion in pull request comments, search improvements, Jenkins integration and CDN support for Data Center.
Bamboo received the new look and feel and some improvements on existing features. The real highlight might be the updated service wrapper for Bamboo agents since Bamboo 6.10 which makes the Bamboo (agent) administrator’s life a lot more convenient.
What should we expect in 2020 for the Atlassian stack? In early 2020, the Bitbucket 7 platform release will be made available. We are also very curious if 2020 will feature a new Bamboo platform release.
For Confluence, we hope to see the Confluence 7 Enterprise release so that customers tied to Enterprise releases can finally start using the new features introduced with Confluence 6.14 en 6.15.
And what will happen with Jira is completely unknown. Maybe Jira Server will follow Jira Cloud with a new issue view or Next-gen projects for example? Looking at December’s feature update for Jira, still, a lot is happening and not just for Data Center.
Jira’s December Release Highlights
Jira 8.5.2 is the first real bugfix release for the Jira 8 Enterprise release and includes a whole bunch of small bugs, including:
- Replying by email on forwarded issues created a new issue instead of updating the existing one (JRASERVER-43397)
- A 404-error appears when selecting View in Excel on any issue in the backlog view (JSWSERVER-14867)
- A medium severity security vulnerability allowing authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check (JRASERVER-70405, CVE-2019-15013)
- After parsing Jira’s gadget feed in Confluence, Jira gadgets are not listed on the “Select macro” page in Confluence (JRASERVER-70284)
- Project copy based on existing configurations performs very slow or fails when there are custom fields configured per project context (JRASERVER-70233)
- When trying to print the Issue view page not all pages of the issue are printed if there is more than one page to print (JRASERVER-62377)
This feature release of Jira 8 includes a lot of new useful features. We’ve made a selection of the most interesting ones:
- Start/Complete sprints permission has been added that allows a user to start and stop a sprint if the dates or duration is set, and the Edit sprints permission is also added to allows a user to edit the name and goal of the sprint. This is on top of the Manage sprints permission.
- When upgrading Jira, you no longer need to manually backup/copy configuration customization. These will be automatically copied to the new instance.
- A new check is added that verifies that you’re using the recommended JVM configuration for code cache memory. Insufficient code cache memory can impact performance.
- Two email handlers ( ”Add a comment from the non-quoted email body” and ”Create a new issue or add a comment to an existing issue”) are now deprecated to encourage administrators to use another, already available handler that we believe will serve their needs much better (”Add a comment before a specified marker or separator in the email body”). Read more about it here.
- The Users and roles page within project settings is updated and allows for more efficiently assigning roles to users and groups. This page works similar to Jira Cloud implementation now.
- PostgreSQL 10 is now officially supported, but a bunch of alder database platforms are now deprecated and will be unsupported starting with Jira 8.8:
- SQL Server 2012
- PostgreSQL 9.4
- Oracle 12c R1
- PostgreSQL 9.5
- MySQL 5.6
- SQL Server 2014
- Wildcard prefix search is now available, where before only suffix search was available (*keyword vs keyword*)
- The “more”-menu in the issue view is now scrollable, making it more user-friendly.
- The Jira REST API has been extended to fully automate creating new projects with specific workflowSchemes.
- Burn-up charts are now also available in Server instead of just Cloud. This allows you to keep teams on track with a visual representation of a sprint’s scope and identify problems such as scope screen or a deviation from the planned project path.
For Data Center customers, the following features have been added with Jira 8.6:
- New items available in the audit logging:
- Dark feature enabled/disabled
- Jira service deleted
- Project role created
- JMX monitoring enabled/disabled
- The capabilities of the Atlassian Cluster Monitoring plugin have been extended to give you more tools to manage your data center nodes. The list will now show information on node up-time (since the last restart), ID, load and memory. The list will only show active nodes so a node which is down will not be displayed.
- Last but not least, rate limiting has been added which basically giving your Jira instance the power to self-protect against huge bursts of requests from scripts and automated integrations. Admins can control how many REST API requests automations and scripts can make, and how often they can make them.
Jira Service Desk
Besides the bugs fixed in Jira 8.5.2, the following JSD specific bugs have been fixed in this Enterprise release of Jira Service Desk 4:
- Autowatch is not working after creating an issue (JSDSERVER-6615)
- It is not possible to edit a JIRA Service Desk comment when attachments are disabled (JSDSERVER-4379)
- In timezones below GMT, selected dates were saved to the day before in the Calendar holiday selector (JSDSERVER-6599)
If you haven’t noticed the list of new features introduced in Jira 8.6 (above), then you might be interested in reading those as well, because they are also available for Jira Service Desk. Additionally Jira Service Desk has received some new features on its own as well:
- The in JSD 4.1 introduced new portal experience is now default.
- Queues are now sortable by columns and these settings are saved in the agent’s profile.
- New REST endpoints have been added to manage queues:
- Create queue
- Reorder queues
- Get queue
- Update queue
- Delete queue
- Next and previous buttons have been added to the bottom of search results in the portal. So instead of customers having to navigate back to the search results page to view the next search result, they can click the next button on the currently opened search result to see the next search result.
Jira 8.6 and JSD 4.6 are both very interesting releases and probably worth the effort to upgrade to. This, of course, depends on the release you are using now.
If you are tied to Enterprise releases and haven’t upgraded to Jira 8.5 yet, Jira 8.5.2 is the release to put on your calendar for upgrading. If you are already on Jira 8.5.0 or 8.5.1, please check out if the bug fixes in this release solve problems you are currently experiencing.
Confluence’s December Release Highlights
Confluence 7.1.1 is a bugfix release which solves several minor bugs, including:
- Two bugs that made anchor links less dependable (CONFSERVER-41483, CONFSERVER-58360)
- Issues with Team Calendars (CONFSERVER-59142, CONFSERVER-58896)
- Issues with Confluence Questions (CONFSERVER-46917, CONFSERVER-56353)
This bugfix release of Confluence fixes a medium severity security vulnerability which was introduced in version 6.11.0 of Confluence Server and Confluence Data Center.
An attacker in the position to control DNS resolution of their victim could perform a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information.
The vulnerability can easily be mitigated by either updating the Confluence Previews plugin manually or disabling the Companion App integration in the Confluence Previews plugin. Do note that this should be used as a temporary workaround.
With this feature release of Confluence 7, it is possible to start making use of Data Center features if you run a single instance, so without the need of a clustered deployment. You do however still need a Data Center license. Features you can make use of are SAML single sign on, read-only mode for site maintenance, and CDN support.
If you haven’t upgraded to Confluence 7 yet and aren’t tied to Enterprise releases, Confluence 7.2.0 is a good release to upgrade to. Dependent on which Confluence 6 version you are coming from, a lot of bugs have been fixed and even some useful features have been added.
If you are already on Confluence 7 there’s no real need to upgrade. If you choose to not upgrade Confluence, make sure you either update the Confluence Previews plugin manually or disable the Companion App integration in the Confluence Previews plugin.
Bitbucket’s December Release Highlights
With Bitbucket 6.9.x Atlassian introduces some nice new features and a few bugs are fixed as well.
- Author and committer
If authoring and committing were done by different people, Bitbucket Server now shows both of their avatars on the corresponding commit.
- Code Insights merge checks
Bitbucket Server 5.15 introduced Code Insights, a feature that allows CI systems and other analysis tools – like static code analyzers, testing tools, and security scanners – to surface insights about code quality in pull requests.
Code Insights merge checks allows you to block pull requests from being merged until their Code Insights quality reports meet your requirements.
- Git commit graph
Bitbucket Server 6.9 with Git 2.24 or higher will automatically enable Git’s commit-graph feature, which can provide a significant performance improvement for a variety of operations. The commit-graph file format is faster to parse than decompressing commit files and parsing them to find their parents and root trees. Another advantage of this feature is the inclusion of extra information that helps avoid parsing some commits altogether.
Three critical major bugs are fixed in this release. These bugs make Bitbucket Server vulnerable for remote code execution under certain circumstances. Atlassian however, did not put out a security advisory for these vulnerabilities. The reason behind that is unknown to us. To read more about the security vulnerabilities, check out:
- BSERV-12100 Remote Code Execution (RCE) via in Browser Editing
- BSERV-12099 Remote Code Execution (RCE) via Argument Injection
- BSERV-12098 Remote Code Execution (RCE) via certain user input fields
The following releases are also newly available and fix these vulnerabilities:
Atlassian will be releasing Bitbucket 7 in early 2020 and is also slowly giving some details about this platform update.
- The 7.0 release won’t change what platforms are supported, rather it’s simply enforcing the supported platforms Bitbucket Server has always had. To make sure you have ample time to prepare, Bitbucket Server has a check in place that detects whether or not you’re on a supported platform. If the system detects that you aren’t, Bitbucket Server display a warning banner and an alert in the UI.
- The 3-way
diff for pull requests will be replaced by a 2-way diff in Bitbucket
7.0. This means that from 7.0 onward when viewing a pull request, the
diff shown is a diff between the tip of the source branch and its common
ancestor with the target branch. As a result of this switch, you’ll see
the following primary changes:
- Pull requests will no longer visualize conflicts. The UI will still indicate when a pull request has conflicts, but they will no longer be marked up in the diff.
- Equivalent changes will not be “hidden”. If two different commits make the same change, a 3-way diff shows nothing (since it’s done the merge and knows nothing has changed), but a 2-way diff will still show the change.
- Lower CPU load. The processing required for a 2-way diff is substantially less than the requirements for a 3-way diff.
Definitely update Bitbucket to one of the releases that fix the security vulnerabilities discussed under the Bitbucket 6.9.1 release paragraph. We suggest upgrading to Bitbucket 6.9.1 which fixes a lot of bugs and also to prepare for the upcoming Bitbucket 7 release.
If upgrading Bitbucket, make sure you also upgrade Git to at least version 2.20, but preferably version 2.24 to be able to make use of new functionality and mitigate any security vulnerabilities that have been fixed since.
Bamboo’s December Release Highlights
Bamboo 6.10.4 contains bug fixes for minor low priority bugs and was actually released in November but was not covered in our November 2019 release highlights.
For a full overview of new features added in Bamboo 6.10.4, check out our September 2019 release highlights blog post.
If you manage a lot of agents and are not already on a 6.10.x version of Bamboo, then upgrading to Bamboo 6.10.4 is a must. The addition of favourite quick filters and personal access tokens are nice, but no reason to create downtime.
Planning downtime can be a pain with large instances, you could also choose to only pull the agent installer from a temporary Bamboo 6.10 installation and update the agent. The installer is backwards compatible with older Bamboo releases.
Thanks for reading and all the best for 2020!
Remember to contact us if you have any (support) questions.