Welcome to the November 2019 edition of our monthly recurring blog post covering the highlights of Atlassian Server and Data Center product updates. For each product, we cover a selection of the most exciting new features, bug fixes and security advisories that were released in the last month. 

This month’s most exciting releases are the Bitbucket 6.8 and Confluence 7.1 feature releases. Also, two security advisories were released for Jira Service Desk.

As TMC ALM, we provide services for keeping your products up-to-date. We have a lot of experience with upgrading Atlassian environments safely and securely. Your data and business continuation has our top priority! When looking at Atlassian from a Platinum partner perspective we notice a significant trend at Atlassian. Although this is a monthly release update, when we zoom out and look at Atlassian (feature) development, in general, we see that the main focus is at data center and the cloud. To learn more about what this trend or the new releases mean for you and your organisation, please check out our services page or contact us.

Jira’s November Release Highlights

Jira 8.5.1

Jira 8.5.1 does not contain any fixes or features for Jira Software nor Core. They got bumped a bugfix release version due to two security issues found in Jira Service Desk.

Jira Service Desk 4.5.1

Two critical security advisories have been published for all versions of Jira Service Desk before 3.9.17, from 3.10.0 before 3.16.11, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and 4.5.0.

Both security vulnerabilities allow an attacker with portal access to view all issues within all Jira projects contained in the vulnerable instance. If you are unable to update immediately, you should implement a temporary workaround that blocks or redirects requests containing “jsp” and “..”.

• CVE-2019-15003: (JSDSERVER-6590).
• CVE-2019-15004: (JSDSERVER-6589).

Besides 4.5.1, security fixes are available in the following bugfix releases:

• 3.9.17
• 3.16.11
• 4.2.6
• 4.3.5
• 4.4.3
• 4.5.1 (Latest Enterprise release)

Our advice

If you are on one of the affected Jira Service Desk releases, the advice is to update immediately or mitigate the risk by implementing the before-mentioned workaround.

For all other Jira products, last months advice is still valid.

Confluence’s November Release Highlights

Confluence 7.1.0

At the beginning of November, Atlassian released Confluence feature release 7.1.0. This release contains what Atlassian calls a “macro improvement bonanza” which basically includes the following three improvements:

• The Spaces list macro by default now only shows non-archived spaces.
• The Change history macro now allows you to limit the number of page versions that are shown.
• Content by label macro has gotten an option to exclude the current page from the list, even if it matches your search.

Other new features are:

1. Java 11 support which is a Long Term Support version. This means you can count on regular bug fixes and security updates for several years.
2. Skip attachments when copying a page is now an option. Previously all attachments were automatically copied with a page copy.
3. Edit in Office is once again possible without the companion app! This feature was removed with Confluence release 6.11 and replaced with not so popular Atlassian Companion app. Atlassian listened to their community and once again allows attached office files to be edited without any hassle. This feature has to be enabled through the so-called “dark features”-page: /admin/darkfeatures.action by adding the enable.legacy.edit.in.office flag.

 Several bugs have also been fixed, including:

1. SQL server upgrade fix (CONFSERVER-58944)
2. Page properties report sorting fixed (CONFSERVER-33068)

Our advice

Unfortunately, Confluence 7.1.0 still doesn’t contain any exciting features you would expect from a new platform release. We suggest you wait with upgrading until at least the bugfix release (7.1.1) for this version has been released if you want to upgrade to Confluence 7.

In all other cases, keep in mind the security advisories that have been released the past year to check if upgrading is worth the time and effort.

Bitbucket’s November Release Highlights

Bitbucket 6.8.0 and 6.8.1

Feature release 6.8.0 and its bugfix release (6.8.1) have been released this month for Bitbucket Server and Data Center.

Noteworthy new features include:

• Jenkins integration with the Jenkins plugin. This plugin is compatible with Bitbucket Server versions 5.5 onward. Check this 5 minute YouTube video for more info:

• CDN support for Data Center allowing Bitbucket to serve static assets (such as JavaScript, CSS, and fonts) from servers closer to the users their location, resulting in faster page load times.
• Performance improvements for the git clone and fetch operations by automatically enabling delta Islands for your repositories when using Bitbucket 6.8 in combination with Git 2.20 or higher.

Bitbucket 6.8.1 contains two bugfixes:

• When cloning/pulling via SSH from a mirror, all requests for LFS files get redirected to the Upstream rather than simply converting to an HTTP(s) URL of the Mirror itself. This has been fixed (BSERV-11504).
• When a pull request between two repositories is merged, if the user who merges the pull request does not have at least read access to the source repository, hook scripts will now be invoked (BSERV-12045).

Our advice

For the new Jenkins integration you do not have to upgrade, just install the app.

We suggest you upgrade if one of the bugs above is blocking your way-of-working or if you are experiencing performance issues with clone and fetch operations, which can improve to almost half the original time. Don’t forget to also upgrade Git if you are on a version lower than 2.20

Thanks for reading and happy holidays!