The month of April will set the stage for the second act of our unusually two-part Atlassian Rollout. This time around it’s Jira that gets to be the star of the show, accompanied by other favorites from all across the Eficode ROOT portfolio.

This, in a nutshell, is what the all-star lineup of our April play is up to:

  • Anchore Engine, the container security inspection utility, receives an update to v0.9.2,
  • GitLab is bumped to release 13.10,
  • Jenkins receives some major changes with an update to 2.277.1 LTS,
  • JFrog Artifactory and Xray are updated to 7.16.3 and 3.18.2 respectively,
  • Jira and Jira Service Management will be updated to 8.15.0 and 4.15.0 respectively,
  • Sonatype Nexus IQ is updated to lifecycle release 107
  • and the Nexus Repository Manager to version 3.30.0.

Without further ado...

The spring is here with a fresh Jira. As we mentioned in our previous post, a lot is changing under Jira’s hood. But that’s not all! This release is packed with all sorts of goodies as well.

Data Center bundle of joy: Advanced Roadmaps

Advanced Roadmaps (formerly known as Portfolio for Jira) is now bundled with Jira Data Center subscription.

Advanced Roadmaps is a powerful planning tool that utilizes gantt charts (think MS Project) to allow you to schedule and track work across multiple projects and teams. Advanced Roadmaps accesses boards, projects, and filters to visualize all of the data in a customizable interface.

Support and updates for Advanced Roadmaps on Jira Server will be available until 2023. From that point on, it will only be available with Data Center subscription.

Curious? Wondering where the road might lead to? Let us know and we'll be more than traverse Advanced Roadmaps with you!

Email template management simplified

In the olden days changing the default email notification contents in Jira Software was difficult and required hacking all sorts of stuff on the server side to make it happen. Not anymore! You can now download the email templates directly from Jira, make all the modifications you would want to, and then simply upload them right back to Jira.

In other email news, the email notifications also display image attachments more securely and consistently. Images in Jira notifications now include a security token, which allows users to view the images via the notification for up to 7 days. These attachments can of course be still viewed on the issue in Jira even after the token expiration date.

Navigate to the guide for Customizing email content at atlassian.com for further instructions. 

Personal access tokens for all

As was the case with Confluence, this update of Jira will bring Personal Access Tokens for Jira as well.

jira personal access tokens

This will make all sorts of automation and integration with Jira REST API more safe and secure by allowing the use of a separate, revocable and managed access token, instead of the previous username and password combination.

Tokens can also be configured to expire on a certain date, and you can of course have multiple tokens active simultaneously.

Once a user account is set inactive or deleted from Jira, all access tokens associated with it will automatically get revoked.

Jira Administrators have the possibility to apply rules on Personal Access Token use, by setting a limit on the number of tokens people can create and by enforcing global expiry rules for all tokens created by users.

Check out Atlassian's guide on Using Personal Access Tokens at atlassian.com.

Other changes

Accessibility improvements continue

Atlassian has continued their journey of making their products more accessible. This time around the attention has revolved around the Create issue flow. It is now possible to navigate seamlessly through the process with a keyboard only, and the flow is also more screen reader friendly.

Bamboo Plan selection in Jira

If you are using Bamboo with Jira, you can now choose which branch of your plan to run when releasing a version in Jira.

DCVS connector improvements

DCVS connector is a tool, which allows viewing version control development information on Jira issue screens. In addition to previous Bitbucket and GitHub support, you can now connect your Jira to GitLab as well! Hooray!

There are also numerous overall performance improvements in polling mechanisms, handling stuff in background threads and that sort of stuff, as well as several smaller improvements in the UI, keeping things nice, quick, and responsive.

Quick view for issues in epic

Atlassian has added the Issues in epic section to the Kanban board issue details view. 

jira quick view

Before you would’ve had to navigate away from your board into the regular issue view to the list of issues belonging to the same epic. Not anymore.

Noteworthy changes in the Jira ecosystem

Agile retrospectives for Jira

Added the capability for switching between different retrospective formats.

Bulk Clone Professional for Jira

Added support for remapping Test Pre-Condition(s) & associated Test(s) created with Xray Test Management for Jira.

draw.io Diagrams for Jira

Changed diagram format so it's easier (and possible to begin with) to import them to Jira Cloud during a migration.

Exalate

Setting up a new connection has now been simplified with visual mode, which means you no longer have to write a script to set up a connection! Check out the instructions at idalko.com.

Links Hierarchy

Added capability to track boards. More details and instructions can be found at Kintosoft Confluence pages

Refined for Jira

  • Can now display SLA information on JSM request view.
  • Possibility to display default request type to aid customers in selecting what kind of request to create when their search does not provide any results.

ScriptRunner for Jira

ScriptRunner has received Slack integration support, making it easier to access Slack resources and actions in your scripts. See documentation for Slack Connection at adaptavist.com for details.

Structure

  • Fix version and sprint details can now be shown in the Summary column and used in formulas.
  • Option to show names, avatars or both in user columns.
  • Perspective sharing via email directly from a Structure view.
  • It is now possible to update the Team field from Advanced Roadmaps using the Attribute to Issue Field Effector.

SynapseRT

New custom fields to show SynapseRT related statistics:

  • Test Case: showing 'Test Case' information from a Requirement issue
  • Requirement: showing 'Requirement' information from a Test Case issue
  • Parent Requirement/Child Requirement/Requirement Suite: showing additional information from a Requirement issue
  • Execution Count: showing the number of times it is executed from a Test Case issue

Tempo Timesheets

Changed behavior of how a team is represented in CSV exports and REST API GET calls. Team is now shown as name rather than ID in both.

Zephyr Scale (formerly TM4J - Test Management for Jira)

TM4J - Test Management for Jira has been acquired by Smartbear and the plugin has been rebranded to Zephyr Scale. The functionality remains the same.

For more information, see Atlassian’s release notes for Jira Software:

Jira Software 8.14.x release notes at atlassian.com
Jira Software 8.15.x release notes at atlassian.com

This next generation of Jira Service Desk is now known as Jira Service Management. Jira Service Management is a fully-featured ITSM solution built on Jira.

Audit log additions

Data Center only

Atlassian has added new events to the audit log feature:

  • SLA conditions created
  • SLA conditions updated
  • Organization associated with project
  • Organization disassociated from project
  • JSM notification rule template updated
  • Email channel updated (password changes)

Mindville Insight bundled with JSM Data Center

Mindville Insight, which used to be a separate add-on, has now become part of the Jira Service Management (JSM) Data Center bundle, so it’s available to all JSM DC users.

Insight is a powerful tool for asset and configuration management. With Insight you can build a full CMDB system within Jira and use the data across all parts of the Jira platform, from regular issues to JSM portals.

jira service management insight

A good example of a use case for Insight in JSM would be the possibility of allowing users to select related servers or services when creating incident support requests. This will bring all the relevant information right to the Service Desk Agent view without having to separately look it all up, streamlining and optimizing incident or support request resolution processes.

Intrigued? Let us know and we’ll be more than happy to tell more about the possibilities of Insight!

Official mobile support

The official mobile support for Jira Service management has completed its beta stage and gets released into the wild.

jira service management mobile atlassian

You can now view your Service Desk projects in the same Jira Server mobile app - available for iOS and Android - you have been using for other Jira applications. Now you can stay up-to-date with your service desk, wherever you are.

For more information, see Atlassian’s release notes for Jira Service Management:

This release of Jenkins LTS is a major leap in terms of UX with the tables-to-divs initiative, paving way for a more responsive UI, making Jenkins more usable on all sorts of different devices.

Configuration UI - Tables to Divs

After the release of 2.263.x LTS, the weekly Jenkins 2.264 introduced major breaking changes for the configuration UI, which had been in the works for some time. Since the release of 2.264 back in October 2020, Jenkins Core and community plugin developers alike have been fine-tuning the new user experience, making sure it is stable enough for the next LTS release.

While the large majority of the popular plugins affected by the UI change have already been updated, you may still experience some glitches here and there.

jenkins side by side

New version on the left, old one on the right

Check out the Jenkins 2.264+: Major changes in the weekly release line blog post and the Jenkins LTS Changelog at jenkins.io for full disclosure.

The usual monthly treatment

Like every month, there’s also a host of plugin updates, fixes, and such rolled out to all. Please get in touch with your friendly ROOT support for a full list of plugin updates and changes applicable to your ROOT Jenkins instance.

GitLab hops two steps from 13.8 to 13.10 and both of our favorite artifact management suites - JFrog Platform and Sonatype Nexus - receive enhancements and fixes for binary repositories and security facilities alike.

Anchore Engine

Version 0.9.x takes a big step towards integration of Syft and Grype into Anchore Engine, with full integration being planned for the upcoming release 1.0. In this release, Syft is used for package identification; bill of materials (BOM) analyzer. There’s also a new API to support uploads of Syft results into the system, but with a lesser depth of analysis than an in-deployment one would provide. There’s also a host of fixes and other improvements. More about them on the Anchore Engine Changelog at github.com.

GitLab

The bump from current GitLab 13.8 to version 13.10 brings in over one hundred new features and improvements! The focus has been on doing DevOps at scale: more automation for routine tasks, boosting efficiency, and allowing DevOps to grow within an organization without losing control. There’s also a possibility to integrate GitLab with any alerting tool, a new security alert dashboard for GitLab Ultimate, and much more.

As always, GitLab’s own release notes contain all the nitty-gritty in almost exhaustive detail:

GitLab 13.9 release notes at gitlab.com 

GitLab 13.10 release notes at gitlab.com 

Sonatype Nexus

You may have read about the new software supply chain attack by the name of dependency confusion or namespace confusion, which exploits the circumstance that many components have no namespace configured in their package management definitions. Oftentimes these package management tools (think npm or pip) can fetch components from multiple sources, as the list of dependencies usually contains both internal, private components as well as those obtained from an external public source.

Now, imagine if someone were to publish a package in the public npm registry, using the exact same name as your own internal package. When your CI or a developer calls npm install on that component while building your application, which one is it going to be? Can you say for certain?

This release of Nexus Release Manager combined with Nexus IQ will now allow you to automate protection against dependency/namespace conflicts. Be sure to also check out Sonatype’s blog post on the subject: Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations at sonatype.com.

A complete list of changes and enhancements in this release can be found:

Repository Manager 3 Release Notes at sonatype.com
IQ Server Release Notes at sonatype.com 

JFrog Platform

Avoid security risks by flagging safe repositories

Artifactory virtual repositories are a neat and convenient way to aggregate multiple sources, private and public, into a single access point. But as with any type of configuration with package management tools, such as pip or npm, you may be exposed to a dependency confusion attack, as outlined above. 

In order to mitigate the problem, you can now declare local and remote repositories ‘safe’ by enabling Priority Resolution for them. Repositories declared Priority Resolution will take precedence in the resolution order when resolving virtual repositories. Only if a package is not found at all in Priority repositories, Artifactory will look them up in the non-Priority sources. This feature is currently supported for Docker, PyPi, RubyGems and NPM packages, but will be extended to cover all package types in the upcoming releases.

Other fixes and enhancements

Artifactory 7.15.x and 7.16.x slash some bugs encountered along the way. There are also improvements and enhancements, such as:

  • Bundler Compact support has been added for RubyGems virtual repositories.
  • Conan package usability is improved: user and channel attributes can now be changed when copying or moving artifacts.
  • Quick Setup can now be used to create repositories for multiple package types in one go.

Check out Artifactory Release Notes at jfrog.com for the full list of changes and fixes.

This release of Xray is a patch release with no new features. Starting from Xray 3.18, it is now certified to be used with PostgreSQL 13 database. Find the full list of fixes on Xray Release Notes at jfrog.com.