Welcome to the September 2020 edition of our monthly recurring blog post covering the highlights of Atlassian Server and Data Center product updates. For each product, we cover a selection of the most exciting new features, bug fixes and security advisories that were released in the last month.
In this month’s edition, we cover the new Bitbucket 7 LTS release, Confluence’s 7.8 feature release and several bugfixes for most products. To find out more, keep on reading!
As TMC ALM, we provide services for keeping your Atlassian tools up-to-date. We have a lot of experience with upgrading Atlassian environments safely and securely. Your data and business continuation has our top priority! When looking at Atlassian from a Platinum partner perspective we notice a significant trend at Atlassian. Although this is a monthly release update, when we zoom out and look at Atlassian (feature) development, in general, we see that the main focus is at Data Center and the Cloud. To learn more about what this trend or the new releases mean for you and your organisation, please check out our services page or contact us.
Jira’s September Release Highlights
Jira 8.12.1 and 8.12.2
The bugfix releases 8.12.1 and 2 were released on September 7th and 21 respectively and include the following worth mentioning fixes:
- Apache Tomcat has been updated to 8.5.57 due to security vulnerabilities CVE-2020-13934 and CVE-2020-13935 (JRASERVER-71321).
- Since Jira 6.4 the “You can now access JIRA through your web browser” message appeared way too early in the Jira log (JRASERVER-61595). This has been updated as follows:
- We updated the existing logging to make it clearer that while Jira can now be accessed through a web browser, it is still initialising plugins and caches. At this point, you will see the startup screen in your browser.
- Added a line when Jira unblocks HTTP traffic to the backend and Jira is now fully accessible.You will now see logging like this:
2020-08-15 04:40:03,693+1000 JIRA-Bootstrap Jira 8.12.0-SNAPSHOT build: 812001 started. You can now access Jira through your web browser. Plugins and caches are being initialised. ..... 2020-08-15 04:42:02,179+1000 localhost-startStop-1 INFO [c.a.jira.startup.LauncherContextListener] Startup is complete. Jira is ready to serve
- A NullPointerException issue has been fixed that could appear when opening the new advanced audit logs that were introduced since Jira 8.10 (JRASERVER-71553).
- Incremental synchronisation fails back to Full synchronisation with a SQL Exception in Postgres database for Jira 8.11. This has been fixed in Jira 8.12.2 (JRASERVER-71465).
- Since Jira 8.4, batched notification emails have an empty content when triggered by a custom event using the Issue created template. This has been fixed in Jira 8.12.2 (JRASERVER-71145).
Jira Service Desk 8.12.1 and 8.12.2
Several bugs have been fixed for JSD as well with the release of JSD 8.12.1 and 8.12.2. These are the most interesting ones:
- With JSD 8.12.1, the organization field has become sortable using JQL (JSDSERVER-4548).
- Since JSD 4, archived components were still available on the Customer portal. This has been fixed with the release of JSD 8.12.1 (JSDSERVER-6584).
- In Jira 8.12 onwards, the AUI was upgraded to version 9, as can be verified on Preparing for Jira 8.12. This change broke the Service Desk account signup when public signup is allowed. But only if a Password Policy is enabled and if Email Verification is required for signups. This has been fixed in Jira 8.12.2 (JSDSERVER-6994).
- JSD Automation webhooks appear to be executed with no defined socket timeouts (note, this is a different implementation from the core Jira). Consequently, a poorly behaving receiver can prevent JSD automation webhooks from being sent. Normally the connection should timeout after being stuck in SocketRead() for some time. However, the connection never seems to be closed when a receiver is misbehaving and not terminating the connection from its end (JSDSERVER-6979).
- JSD’s Automation webhooks behave differently to Jira webhooks when using Jira behind outbound HTTP-proxy. Jira webhooks respect the NonProxyHosts configuration while Service Desk webhooks always go through the proxy. This can also lead to a scenario where using JSD’s automation to fire webhooks, they look like they are sent, but they timeout and/or fail silently (JSDSERVER-6789).
As mentioned in last month’s edition, we highly recommend to upgrade Jira to Jira 8.12, but we suggested to wait on the first bugfix release for this version (8.12.1). If you haven’t upgraded to Jira 8.12.1 yet, we suggest you upgrade to 8.12.2 instead. The same logic applies to Jira Service Desk. Upgrade to JSD 4.12.2 if you are not already on JSD 8.12.1.
For the Long Term Support (LTS), formerly Enterprise release customers, we strongly advise upgrading to Jira 8.5.8, if you aren’t on 8.5.7 yet. Jira 8.5.8 and JSD 4.5.8 contain two medium severity security fixes (JRASERVER-71498 and JRASERVER-71536).
Confluence’s September Release Highlights
In September 2020, three bugfix releases were released, including the 7.4.4 Long Term Support (LTS) release. On September 29th, Atlassian also released a new feature release, Confluence 7.8. We will cover the most interesting features and bugfixes from these releases.
Confluence 7.4.4 LTS
- A JVM parameter has been introduced to prevent users from applying image effect to very large images because this can cause Confluence to become unresponsive during the time when the image transformation is being applied, and this may temporarily render the instance unusable (CONFSERVER-55315). The JVM parameter is: -Datlassian.image_filter.transform.max_data_size=1000000
- When Confluence asynchronous events are generated faster than Confluence can process them this queue is backed up, typically due to a performance issue. The error message that is printed to the log is too implicit about what is causing the issue and troubleshoot it. The error log message has been made more explicit in Confluence 7.6.2 (CONFSERVER-55028).
- After upgrading the Confluence to version 6.13.13. 7.4.3, 7.5.2, 7.6.0, 7.6.1 or 7.6.2, the Synchrony process doesn’t start anymore and it gives below error while starting the Synchrony. This issue only appears when Confluence is using Datasource for connecting the database, default JDBC connection works properly without any issue (CONFSERVER-60120).
Confluence 7.7.3 and 7.7.4
- A long outstanding bug related to collaborative editing has been fixed in Confluence 7.7.3; When the storage format of a page embeds an image that is not yet attached to the page, the image will still be rendered as “Unknown attachment” in the page editor although the image has been added to the page beforehand (CONFSERVER-55928).
- When using the Excel Macro, the Edit button is only available on the page that the excel sheet is attached to. Other pages using an Excel Macro that is attached to another page no longer include the Edit button above the macro (CONFSERVER-59987).
- Jira Issues Macro fetches unnecessary fields from Jira because the request URL contains field=allcustom parameter causing the search to be extremely slow especially with instances comprised of a large number of custom fields (CONFSERVER-56017).
- The API endpoint /rest/masterdetail/1.0/detailssummary/lines is no longer working after upgrading to Confluence 7.7 or higher.
Related to this, when adding a Page Properties Report macro to the same page containing a Page Properties macro results in an error.
Also related to this, when a user tries to add more than two “page properties report”-macros in a Confluence page, Confluence is only able to render the first two “page properties report”-macros and the third macro will render with an error.
These bugs have been fixed with Confluence 7.7.4 (CONFSERVER-60219, CONFSERVER-60290 and CONFSERVER-60289).
- In a Confluence site version 7.4.x or 7.6.x connected to a Jira Software via an application link, it is not possible to add 2 Jira custom fields as columns to display in a Jira Issue Macro (table view) due to case-sensitivity.
Related to this, fields values for custom field names that contain a comma and/or semi-colon are not included in the Jira Issue macro.
Both bugs have been fixed with Confluence 7.7.4 (CONFSERVER-60157 and CONFSERVER-60143).
- Rebuilding the search index in the UI in Confluence Data Center as explained in this KB article will run the reindex only on the node in which the task was triggered.
However, restoring a Space with “Build Index” checked will trigger a full site reindex on all nodes, which can cause heavy load to the database and filesystem (CONFSERVER-59303).
- Previously, when macros with body content were disabled, the content would be lost. Confluence now supports disabled macros to keep their body content and display it in the editor.In view page mode, disabled macros still show a placeholder image (Unknown macro). To display the content in view mode, select the disabled macro in the editor and change it to a new macro that can display your content. The body content will be preserved in the new macro and display in view mode.
If you want to know more about Macros and User Macros specifically, we’ve written a blog post called Confluence User Macros: An Introduction.
- Probably related to the whole BLM movement, Atlassian is also looking at the terms they use in their applications as well and terms such as “blacklist” and “whitelist” reinforce the concept that black and white are opposed, and one is bad while the other is good. Atlassian changed these terms to “Allowlist” and “blocklist” in the Confluence user interface. There are no API changes, so white- and blacklist remain in the codebase. We as TMC support racial equality and believe Atlassian is doing the right thing in modifying common terms that might not always be obviously sensitive.
- The page properties macro now supports up to 60 labels instead of 20 for improved reporting capabilities.
- For Data Center customers, the audit log can now record when someone performs a search. The event captures the search terms entered in the search field, advanced search, and in search macros such as Livesearch and Page Tree Search. The ‘Search performed’ event is included in the Full coverage level, which is available with a Data Center license. If you don’t want to collect search term data, you can disable this event using a system property.
- Following a link to an anchor within another page didn’t scroll to the anchor on the other page. This has been fixed (CONFSERVER-58628).
- Since the move to OpenJDK text in PowerPoint thumbnails didn’t render correctly (CONFSERVER-59429).
- Since Confluence 5 the Team Calander’s Select Groups button didn’t work when page restrictions were in place. Also, the group search is very slow (CONFSERVER-48915 and CONFSERVER-48822).
- Another long outstanding bug has been fixed concerning large space exports to XML failure when using an Oracle or MSSQL database (CONFSERVER-40394).
- n Confluence Data Center 6.10 and above, the document conversion process should be handled by a “sandbox” – an external process pool that can crash or be timed out without impacting Confluence. However, it appears that some spreadsheets that contain graphs can still be converted the old way, and can become stuck, eventually running CPU up to 100% (CONFSERVER-59425).
If you haven’t upgraded to Confluence 7.7.2 yet, Confluence 7.8.0 contains some welcome features and interesting bugfixes as can be read above.
For the Long Term Support (LTS), formerly Enterprise release customers, Atlassian released the bugfix release 7.4.4 on September 9th. We already advised this in last month’s edition, but since this release is actually available now, we advise to upgrade to this version since it and the prior 7.4 LTS bugfix releases include important bugfixes.
Bitbucket’s September Release Highlights
Bitbucket 7.6 (LTS)
It has finally arrived, the Bitbucket 7 LTS release, Bitbucket 7.6.0. A lot has been added to, improved with and fixed in Bitbucket since the last LTS release, Bitbucket 6.10.
For a full overview of all these changes, we refer you to previous editions of this blog series, starting with the March 2020 edition, in which we discuss the Bitbucket 7 platform release. Here are some of the highlights:
- Integrated CI/CD with two new ways to get continuous feedback on code – the Builds page and the Builds tab – designed to help you avoid switching tools. Now when you integrate your instance with Bamboo, Jenkins, or another CI server, you’ll see build results and additional related info on these two pages, right next to your code where it’s most valuable.
- New pull request experience that makes code reviewing smoother and more enjoyable with improvements such as:
- 2x faster content loading while switching between diffs
- better collaboration by commenting anywhere
- syntax highlighting in the diff view
- Task improvements include the ability to create tasks without having to write a comment first.
- View hidden comments for more context on why code has changed throughout a pull request, such as a file’s activity stream showing comments that are outdated or appear on another diff, and replying or reacting to outdated comments the same way you can from the overview tab.
- Pull request filtering makes it easier to find a pull request by refining your search.
- A new webhook, Source Branch updated, for source branch updates in a pull request.
- Prioritization of exact name matches when searching for a branch by its name.
- And much more:
Also, a few bug fixes have been added specifically to this LTS release:
- The Bitbucket REST endpoint /rest/jira-dev/latest/updated-issues is used to return a list of Jira issues that were updated since given “sequenceNo”. This end-point accepts a parameter called “maxResults” which helps in paginating through the results. But while paginating some results are not returned on pages beyond the first page (BSERV-12472).
- When viewing a single commit (not in a PR), when hovering over the build icon, In some cases the link ends with undefined and leads to a 404 page (BSERV-12608).
When upgrading from BItbucket 6 to Bitbucket 7, the following items should be taken into consideration:
- A lot of changes have been made to the Bitbucket APIs. We will not cover these in detail, but if you make use of audit, attachment or pull request functionality in the Bitbucket API, please check the API changelog here.
- Internet Explorer 11 is no longer supported.
- MariaDB 5.5 and MySQL 5.5 are no longer supported.
- Before upgrading to Bitbucket Server 7.4, you should test HTTP hosting in a staging environment that mirrors your production setup. This especially includes any installed apps, as app-provided servlet filters may be broken by async HTTP.
- When upgrading to Bitbucket Server 7.4 or later, you may notice an increased load on your database and application server. This is normal. It’s due to an asynchronous upgrade task that needs to run to migrate your application’s build status data.While the upgrade task is running, your application will be available and able to serve requests, so your team can continue working as usual.The upgrade task will run automatically around two minutes after your application starts up. In a multi-node cluster, it will run on a node picked by the system. How long it takes will depend on the size of the data that needs to be migrated. For example, for small instances, it can take 10 minutes, and for large instances, it can take over an hour.
If you are not on the Bitbucket 7.5.1 release yet, then Bitbucket 7.6.0 is solid release to upgrade to. You can also take advantage of this upgrade to stick to the LTS releases from then on.
The same applies of course to the LTS customers, Bitbucket 7.6 is a must upgrade as it contains so many new features, improvements and bugfixes that could really benefit your team and/or organization.
Before upgrading, please read the upgrade notes above and always test the upgrade on a representative testing environment and test it thoroughly by involving your key users. Don’t forget to update Git and to test your integrations and apps.
Bamboo’s September Release Highlights
You may ask what happened to Bamboo 7.1.1, we don’t know either. This was probably a so-called internal release. Anyways, Bamboo 7.1.2 contains a number of bug fixes and improvements for which we will cover the most interesting ones:
- There is no warning or notification when the audit logging silently fails and stops running. This will now show up in Bamboo’s Health check and even after a successful audit log recovery, this incidence to Bamboo’s health check registry.
- Bamboo’s new feature, the Build warnings parser task, is now also available in Bamboo Specs.
- A separate Maven task for Bamboo Specs is now available. The Bamboo team promised to make more information available right here anytime soon.
- Plan variable values are no longer limited to 4000 characters, which could be a real bottleneck when using it for example to store a Maven release command.
- Application Link Status page fails to load due to Case-sensitive checks for Headers (BAM-21028).
- If there is a single artefact matching the copy patterns and containing the “%” or ”;” characters in its filename, Bamboo will fail to download and will show a “Page not found” error (BAM-20779).
- If the script task body contains empty lines for the inline script body, it produces YAML Specs that can’t be used by Bamboo (BAM-21025).
- Extra docker run args are ignored when provided in YAML Specs (BAM-21040).
- When plan overrides default branch of linked repository YAML export doesn’t generate correct code (BAM-21034).
If you are not on Bamboo 7.1.0, Bamboo 7.1.2 is a stable release to upgrade to. Else it is probably not worth the effort.
If you are upgrading from Bamboo 6, test it thoroughly first and involve your key users. Don’t forget to test your most important build and deployment plans.
Thanks for reading!