Discover what's new in Eficode ROOT this month:

  1. Jira gets an upgrade to 9.6.
  2. Eficode RTM is made more AAD-Aware
  3. GitLab 15.9 for March
  4. SonarQube Current gets the new LTS version in advance
  5. Sonatype Nexus Repository and IQ get updated
  6. The usual Jenkins monthly

This month, Jira and Jira Service Management get an upgrade to 9.6 and 5.6, respectively, along with the best-of-breed from the ecosystem of Jira apps.

Insight becomes Assets… and better

Starting with this release of Jira Service Management, its asset management tool will get renamed from Insight to more befitting Assets. The functionality will remain the same, and the tool will be insightful as ever, but the rebranding has influenced the user interface and changed the names of some tool-related marketplace apps, which previously carried the Insight name.

And the changes don’t stop there. Our March release also ships with a host of other Insight… err, Assets improvements as well.

Improved accessibility and user interface

Accessibility and user interface of Assets have been improved by throwing some Jira Service Management accessibility standards and patterns at it. The modifications made have brought the usability and accessibility of Assets closer to that of Jira Service Management, allowing Atlassian to narrow the disparity between the two, and to make the experience more consistent across the product.

The improvements include improved support for screen readers and keyboards, fixes to user interface issues that created blockers in functionality, and upgrades to the design and content of Assets.

Support for Assets referenced object fields in approvals

Jira Service Management supports configuring a mandatory approval step in workflows, which allows you to require an explicit approval from the right people before a request can move from one status to another.

This release of Jira Service Management adds further flexibility to the approval flow by implementing support for adding approvers from Assets using Assets reference objects fields as the source for the names of your approvers. You can add approvers based on Assets data when there’s a request that affects an asset they own or have relations to. The selection of approvers will change dynamically based on the assets that are selected in the request.

Check out Adding approvers from Assets to requests in Jira on atlassian.com for more on this nifty feature! 

Audit log improvements

The Audit log feature has received some love in this release of Jira and Jira Service Management. 

The feature itself has received updates to its backend mechanicals, resulting in a faster loading experience overall. The performance problems which might have affected larger sites with more than a few million events in the Audit log database have also been corrected. The fix was to implement incremental caching for the categories and summaries in new, smaller database tables.

The usability of the user interface has also been improved by:

  • Increasing the width of the summaries filter so that it is actually readable.
  • Fixing the inconsistent translation of controls on the Audit log page.

The auditing for Jira Service Management has also been further improved by extending the coverage of the logs. Admins can now track events related to the customer portal, reports, and Assets. There are also some changes to the categorization of existing audit logs. Full coverage of these changes is available on Jira Service Management 5.6 release notes on atlassian.com. Make sure to check them out! 

Improvements to Service Management mail handling

This release of Jira Service Management delivers various improvements to allow more control over email request processing and filtering.

Jira admins will get the option to turn the auto-generated email and bulk email filters on or off in email request settings.

There’s also a global allowlist and blocklist for all of your service projects. These lists can be handy in automatically handling spam and in ensuring that certain requests always get through. Using the allowlist, you can make sure that all emails sent from a specific domain are always processed, regardless of other filter settings that would otherwise apply to these messages.

Email channels now also support mailbox folders. Instead of always defaulting to a folder named “inbox”, it is now possible to have Jira Service Management monitor any named folder in your mailbox. The new setting can be used in any email channel, new or already existing. Head on over to Email channels under your project settings to update an existing mail channel to use a different mailbox folder.

Support for Java 17

Paving way for a brighter future, this release of Jira adds support for Java 17 to boost performance and strengthen instance stability. All of which we are certainly looking forward to.

That said, on Eficode ROOT we’ll be sticking to our Java 11 for the time being. A number of popular apps have yet to be confirmed or updated to be fully Java 17 compatible. But once the ecosystem has caught up, Jira on Eficode ROOT will definitely also reap the benefits of the Java 17 upgrade.

What’s new in the plugin ecosystem?

A Jira update would be nothing without a deep dive into the ecosystem. And you won’t be disappointed this time around either. Read on for our highlights of this release.

Api Token Authentication Jira

Starting from this release, system administrators have the possibility to restrict API token authentication to certain nodes in a Data Center cluster only. When configured, all other nodes will ignore the request and delegate it to the default authentication handler.

ScriptRunner for Jira

The popular automation and customization app gets an update to version 7.10.0 with a number of updates and changes.

Administrators now have the option to temporarily assume the identity of another user directly from within an issue or in the user management space using the Switch User Function (link to adaptavist.com). Previously this was only possible using the built-in Switch User script.

ScriptRunner now provides a number of built-in scripts to check guardrails associated with projects, comments, attachments, issue links and change logs. Guardrails are a set of limits and thresholds recommended by Atlassian, designed to ensure optimal Jira performance. Check out the Guardrails documentation on adaptavist.com to learn more. 

Code snippets are now available for custom script post-functions. You can use snippets when adding or updating your post-function scripts.

Head on over to ScriptRunner 7.10.0 release notes on adaptavist.com to see the complete overview of changes and fixes in this release.

Jira Misc Workflow Extensions (JMWE)

Another popular automation app Jira Misc Workflow Extensions receives a major upgrade from 7.x to version 8.1.2.

The upgrade to 8.x will deliver a new feature dubbed Execution Logs. The new feature will help in fixing any misconfiguration in Workflow Extensions by bringing the errors, warnings and successes from JMWE executions directly to the Jira Administration UI. Check out the feature documentation on appfire.atlassian.net to learn more. 

Shared Actions has been upgraded to Shared Extensions. Previous to this release the only shared extensions available were indeed the shared actions. Release 8.1.x expands the coverage to include shared conditions and shared validators as well. The new options work just like shared actions: conditions and validators can also now be built once, used wherever needed.

Smart Checklist for Jira. Pro

The update to version 6.3.0 adds numerous new features and improvements, such as:

  • There’s an option to disable triggering “Issue Update event”.
  • Jira issues can be searched using a custom JQL function itemStatus with LIKE operator.
  • It’s now possible to receive notifications on any changes or updates made for the Smart Checklist on an issue. There’s a new Notify on checklist update settings in Global Settings. It’s disabled by default.

The complete list of app updates can be found on Smart Checklist Release Notes on railsware.atlassian.net.

Structure by Tempo - Portfolio & Project Management for Jira

Structure gets an update from 8.1.x to version 8.2.2. The enhancements in this release include:

  • New filter: Filter by field.
  • Possibility of saving and sharing formulas.
  • Improvements for the Manage Structure page: last opening date and a new UI for configuration.

Please see the Structure 8.2 Release Notes on almworks.com for more nitty-gritty details.

eazyBI Reports and Charts for Jira

eazyBI gets updated to version 6.6.0 with a number of updates, including:

Easy Agile TeamRhythm (formerly User Story Maps)

User Story Maps gets a major update from 7.x to version 8.4.0 and is from now on known as Easy Agile TeamRhythm. Changes are not limited to rebranding either. Version 8.x comes with a new feature to help your teams collaborate better: team retrospectives. 

TeamRhythm includes a new retrospective board that sits alongside your work in Jira, so that retrospective items can be easily tracked as the sprint progresses. It also implements the ability for customized categorization of the retrospective items, allowing you to implement a retrospective model to suit your team’s needs.

Who knows, TeamRhythm might be able to also spark some life into possibly dull retros as well. The version 8.4.0 comes with TeamRhythm’s first set of retrospective structure templates for changing things up a bit. There are now three templates to choose from:

  • The Foundation template, based on the Start, Stop, Continue style retrospective
  • The Space Mission template, based on the Sailboat style retrospective
  • The Get Rhythm template, based on the 4 L’s style retrospective

Check out Easy Agile Product Updates on easyagile.com for more on Team Retrospective features, as well as on other exciting updates in TeamRhythm!

AAD Enterprise Application synchronization is enhanced, the rest of RTM gets back on the proper performance track, still, R.T.M.

AAD synchronization enhancements

The March release of Eficode ROOT Team Management version 2.10 brings anticipated enhancements to Azure AD Enterprise Application synchronization. Originally introduced in RTM 2.0.0, the Enterprise Application synchronization allows limiting Azure AD-to-RTM synchronization to a certain subset of users and groups using an Azure AD Enterprise Application container.

Previously it was necessary to add both users and groups to-be-synchronized in the Enterprise Application. WIth RTM 2.10, you can simply add the correct groups to the Enterprise Application and RTM synchronization will automatically fetch all members of those groups and synchronize their user accounts to RTM. There’s no need to add users separately anymore.

In other news

This release of RTM also fixes a performance-related regression, which in some configurations could have resulted in unnecessary delays in group management.

Complete Release notes for Eficode ROOT Team Management can be found on docs.eficode.io.

Every month is a GitLab month. In March, GitLab on Eficode ROOT gets updated to version 15.9. Find our highlights below.

Require multiple approvals from Code Owners

In this release of GitLab, the implementation of CODEOWNERS has been enhanced to support defining requirements for multiple approvals for specific files, file types, or directories. 

Previously you could require multiple approvals only by using an approval rule, but as those apply to entire branches and not specific parts of your code base, it could have led to unnecessary reviews where they weren’t actually required. Now you can set up multiple approvers for only those parts of the code that require it, using the Code Owner approvals.

Character limitation in masked variables lifted

This release of GitLab improves variable masking by Packages Importer 📦🏗️ - GitLab.org removing the limitation that previously prevented masking variables that contained certain special characters, such as $, or . You can now use masked variables for keys and passwords that often contain one of these characters.

Note that the value still has a required minimum length of 8 characters and it must not contain spaces.

Secret Detection scans all commits in merge requests

Previously GitLab Secret Detection only scanned the latest commit on branch pipelines.

With the improvements delivered in version 15.9, Secret Detection scans all of the Merge Request’s commits when run in an MR pipeline. This improvement is based on the support for security scanning in MR pipelines, introduced in GitLab 15.5, so it’s only available on the Latest version of the Secret Detection CI/CD template, not yet on the Stable version.

You can enable the new feature for your pipelines by switching to the Latest version of the Secret Detection CI/CD template. The Stable template is planned to be updated with this change in GitLab 16.0.

Check out the Secret Detection documentation on gitlab.com to learn more. 

Import npm packages with CI/CD pipelines

GitLab can serve as an npm registry, but there has been no easy way to import packages from an existing registry to GitLab. This might have put you off from moving to GitLab.

GitLab now has a solution: npm package importer for CI/CD. You can simply create a config.yml file that defines the packages you want to import to GitLab from any other npm registry, add the importer to a .gitlab-ci.yml pipeline configuration and the importer does the rest. It dynamically generates jobs that import all the packages into your GitLab package registry.

Interested? Check out the Packages Importer project on GitLab.org for instructions on how to get the npm import train moving. 

Display labels on roadmaps

The roadmap view for epics has been improved by making assigned labels visible on the epic list in the sidebar, making it easy to identify the categories or groups the epics on the roadmap belong to without leaving the page.

You can turn the label display feature on and off in your roadmap settings.

And much more

The complete list of changes shipped with GitLab 15.9 can be found in exhaustive detail on the GitLab 15.9 Release Announcement on gitlab.com. Be sure to check it out! 

SonarQube 9.9 is the new LTS and in March it is rolled out to our Current instances. Those on the LTS plan need to wait for just a tiny bit longer while we ensure the smoothest possible transition from the current 8.9 LTS.

Embracing Clean as You Code

This release of SonarQube makes UX enhancements to Quality Gates to encourage the adoption of "Clean as You Code" methodology (sonarqube.org). All newly created Quality Gates get the 6 Clean as You Code new code conditions as standard:

  • Maintainability Rating (worse than A)
  • Reliability Rating (worse than A)
  • Security Hotspots Reviewed (less than 100%)
  • Security Rating (worse than A)
  • Coverage (less than 80%)
  • Duplication (greater than 3%)

The Quality Gate administration panel has been adjusted to better handle situations where CaYC conditions are not met (either conditions are missing or the threshold is lower than it should be). The Quality Gate Status panel in project view will also now show the CaYC state of the project, to further emphasize the importance of adopting the methodology.

Updates under the hood

Gearing up for the next 18 months of LTS stability, this release of SonarQube prioritizes robustness over new features. 

The server side of SonarQube has been upgraded to Java 17, to realize the performance benefits of the new version. There’s no change to SonarScanner Java compatibility, you can still run the analysis with Java 11.

There are also adjustments to supported database backend versions – which you don’t have to worry about, we’ll take care of any updates needed – to provide improved performance and stability.

The minimum supported versions list for DevOps platform integration has also been updated as follows:

  • Azure DevOps Server 2022, 2020, and 2019
  • Bitbucket Server / Data Center 5.15 or later
  • GitHub Enterprise Server 3.4 or later
  • GitLab 15.6 or later

Nexus Repository Manager receives an update to version 3.47.1 with its policy engine cousin – the Nexus IQ Server – getting bumped up to release 155.

Nexus Repository Manager

User interface improvements

Sonatype has been working diligently behind the scenes on converting the Repository Manager user interface to use React components. While all of the improvements are not yet visible to the end users, some of the screens in the UI have been fully converted, such as the screens for configuring blob stores, database connection, content selected, and cleanup policies.

Other enhancements and updates

The soft quota feature (sonatype.com) monitors blob storage and raises an alert when it exceeds a set threshold, be it Space Used or Space Remaining. However, with cloud storage, such as Azure Blob Storage or AWS S3, the concept of “space remaining” is not exactly a thing. This is why the option to set such a constraint for a cloudy backend has been removed.

There are also a number of bug corrections and component updates made. Please check out the Nexus Repository Manager Release notes on sonatype.com for full disclosure. 

Nexus IQ

Limited release of IQ Server High Availability

This release ships with the first incarnation of a Kubernetes-based High Availability (HA) deployment option for IQ server. It’s currently in a limited release and will be enabled upon an approval from Sonatype. As the feature itself is in its infancy yet, there are some risks one needs to acknowledge being an early adopter. The general availability is expected to all Lifecycle licenses later this year, once all possible teething problems are sorted out.

See the IQ Server High Availability Installation page on sonatype.com for more on IQ Server HA deployment. 

Other improvements and fixes

There are also other improvements in this release, including but not limited to:

  • Improved results sorting in Repository Results View with multi-column sort.
  • SBOM generated from CycloneDX REST API - v2 will provide richer metadata in the form of including vendor and software names on the SBOM.
  • New experimental Maven Call Flow Analysis (link to sonatype.com) can detect method signatures in the application code that contain components with potentially exploitable security vulnerabilities. When the feature is enabled in an application scan, such components get labeled as “Security-Reachable” and can be viewed on the component details page, accessible from the resulting application report.

For a complete list of changes in this release of IQ, please browse Nexus IQ Server Release Notes on sonatype.com

Jenkins gets a round of updates for march: a minor update to its LTS core plus a bunch of plugin updates from the ecosystem.

Same, same, but different

This month, Jenkins gets a small bump to 2.375.3 LTS along with the usual monthly plugin level-up. This time around it’s again mostly fine-tuning and fixes, with no apparent breaking changes.

As always, due to the nature of Jenkins, please don’t hesitate to check in with your friendly Eficode ROOT support to get down to the nitty-gritty specific to your Jenkins.

Published: Mar 9, 2023

Updated: Dec 14, 2023

Eficode ROOTrelease notes