What’s new in Eficode ROOT: November 2023

One-click linked issues

This release of Jira introduces a new Create linked issue screen which dramatically improves the functionality and usability of the old, basic screen it replaces.

The new screen eliminates the need for complex workarounds and procedures associated with creating linked issues. There’s no need to play around with issue fields in the original issue or mess with screen and field configurations to make linked issue creation make sense. 

Upon opening the new Create linked issue screen you’ll be presented with all the default and custom fields of the selected destination project, all editable right on the spot and prepopulated with the latest values you’ve used when working with other issues.

Jira Automation feature burger

Along with Jira Software 9.11, the no-code automation engine Jira automation gets a major bump to release 9.0. It comes with two new actions to automation rules, a security-centric breaking change as well as enhanced security for secret keys. A proper hamburger model for new features.

New actions for the people

Jira Automation 9.0 introduces two new actions.

The first one is the new Lookup issues action which allows you to search for issues based on a JQL query and store the resulting data in the smart value . The value acts like a list, providing access to all fields and custom fields of the issues in the list.

Check out the documentation for Jira smart values with issue lists on atlassian.com to learn more about using smart values. 

The second new action is the Create variable, which - as the name implies - allows you to store text values or other smart values in a variable and use them in other actions. The created variable will be available within the entire scope of the automation rule, including inside branches.

Breaking: allowlist for outbound URLs enabled by default

To enhance protection against Server-Side Request Forgery (SSRF) attacks, Jira now enforces the use of a URL allowlist for sending outbound HTTP requests.

In order to send outbound web requests from Automation, all target URLs need to be explicitly allowlisted. A rule that contains a request to a non-allowlisted URL cannot be published.

This also applies to existing rules. After the update, a rule that uses a non-allowlisted target URL will not work until a Jira System Administrator adds it to the allowlist. Please don’t hesitate to contact your friendly Eficode ROOT support team if you suspect allowlist to be the culprit for your automation rule failures. Rest assured, we’ll fix it in no time.

Masking secret keys in automation rules

When establishing a connection to an external app like Microsoft Teams or Slack you often need to use a secret key of some description to do so.

In Jira Automation 9.0, secret keys and URLs used for notification actions can now be masked. This provides a reliable solution for security concerns and allows safe data reuse across your Jira instance: 

• The masking mechanism ensures that the values of secret keys are not visible to any user.
• There’s now one central place, the Secret keys panel, where the stored secrets can be managed.
• You can safely reuse a secret key across multiple projects without risking inadvertent disclosure

_{Secret key creation view in Jira 9.11.2 with Jira automation 9.0.3.}

Masked secrets can be used in notification actions, such as Send Microsoft Teams messages, Send Slack notification and Send web request. The full list of affected notification actions and instructions on maintaining your secret keys can be found on "Create and edit masked secret keys for automation rules" on atlassian.com.

Extended project permissions with a small catch

This release of Jira introduces more granular permission management for user pickers displayed for Assignee and Reporter fields as well as for user mentions.

Previously anyone with the Browser user permission could interact with Assignee and Reporter pickers and make @user mentions. The new extended permission model does away with the general Browse users privilege and replaces it with context-specific permission.

• Assignee: a user needs to have the Assign issue permission to interact with the Assignee user picker. The Assignee picker will now show all users with Assignable user permission in the project. 

• Reporter: a user needs to have Modify reporter and Browse projects permissions to interact with the Reporter user picker. The picker shows all users with Browse projects permission in the project.
• @mentions: the Browse projects permission is required to mention other users on issues. The user mentioned picker will show users with Browse project permissions.

These permissions define whom the user will see in these pickers and mentions.

Whilst the enhanced privacy and security regarding your project information is certainly a good thing, there is a catch. This update changes the behavior of Jira. It is possible that some users might not see every person in Assignee, Reporter, or @user mention pickers they previously did.

If the immediate change turns out to cause too much headache, it is possible to temporarily turn off the feature to allow time for adjusting project permissions to accommodate the new model. Please reach out to your friendly Eficode ROOT support for more information.

No watch if you can’t touch

Previously the user picker for the Watchers field listed all users in Jira. You could have tried to add anyone as a watcher, whether or not they could access your project. It wasn’t until after making the selection that Jira would return an error for an inappropriate choice.

This release of Jira addresses the unnecessary trial-and-error schtick with an enhanced Watchers picker. Now it will only show users who have the Browse projects permission in the project the issue belongs to.

App highlights

Checklist for Jira

Our November release ships with a major Checklist for Jira update to version 7.0.4.

This version expands Checklist’s permission system with new granular control on who can do what. This allows setting up Checklist workflow appropriately for all different use cases.

Permission schemes can be designed in a centralized fashion, making it possible to reuse them across multiple Checklist field configuration contexts. You can now also use dynamic user identifiers (such as the Item assignee) as a sign-off field.

All existing permission-related settings in the current version will be automatically migrated to the new Checklist 7 permission schemes. Check out the documentation for Checklist permission schemes on okapya.com to learn more about the new system.

And it doesn’t end with permissions either. Checklist 7 also ships with three new actions for Jira automation: Add Checklist items, Edit Checklist items, and Delete Checklist items. These - as you can probably guess - enhance the ability to build all sorts of automated processes involving checklists.

The Release notes for Checklist on okapya.com goes into more detail on all of this. Check it out.

EazyBI

The leading analytics, reports and charts app for Jira gets an update to release 7.0 with a host of new features and improvements, such as:

• Conditional report alerts in eazyBI reports and charts, which allow you to receive automatic email notifications w2hen an alert on measure is triggered.
• New Days assigned and workdays assigned measures.
• Improved Time weekly and fiscal hierarchies.
• And more, all of which you can find at eazyBI for Jira changelog on eazybi.com- 

Jira Misc Workflow Extensions (JMWE)

JMWE update to version 8.5.0 renames the “Scripted (Groovy) Condition” and “Scripted (Groovy) Validator” extensions to Build-your-own Condition and Build-your-own Validator, respectively.

Both extensions also now ship with No Code options that allow you to build conditions and validations into your workflow, even if you don’t know how to Groovy. The No-Code options will automatically generate an appropriate Groovy script for you, which you can then use as-is or (have someone) customize it further.

Please head on over to JMWE for Jira Data Center and Server release notes on appfire.atlassian.net for a complete overview of other changes and improvements in JMWE 8.5.0.

Structure by Tempo

The Jira Portfolio Management and PPM plugin Structure by Tempo gets an update from 8.x to version 9.0. This update introduces various improvements, such as the possibility of including multiple Notes columns within a structure, making it easier to take notes for different topics. Memos have also been expanded with the option of including field data for Assignee, Due Date, and Time Tracking fields to aid in high-level planning of your project.

Check out the Structure 9.0 release notes on wiki.almworks.com for full coverage on all improvements. 

Time to SLA

The latest and greatest version of Time to SLA app introduces a brand new SLA report UI with enhanced reporting functions, including “Background Report” and “Periodic Report”. There’s also an option to include Time to SLA custom fields in Data Pipeline export.

The full list of changes is available at Time to SLA version history on marketplace.atlassian.com.

Customer Request Type in dashboard gadgets

It’s now possible to use the Customer Request Type field of a Service Management project in various Jira dashboard gadgets. This long-awaited option makes creating all kinds of workload visualization charts and graphs a breeze.

Customer Request Type field is exclusive to Jira Service Management projects. It is available for use in dashboard gadgets for project admins and agents.

Clones, clones everywhere

You know that sinking feeling, the one you get when faced with a seemingly endless amount of ClickOps ahead?

No? Just me?

Configuring the perfect queue in a Jira Service Management project can take quite a while. And being tasked with implementing the same for the ten other issue contexts could be a daunting task.

Luckily Atlassian has heard the desperate cries of us rodent-allergic sysadmins out here. Instead of having to repeat everything from scratch, you can now simply clone your existing queue and modify the bits that need modifying, reducing mouse exposure to a minimum.

Link multiple Confluence spaces to a single portal

Leveraging your existing Confluence as a knowledge base source for Jira Service Management is a good way to enhance customer service experience and reduce request turnaround times.

This release of Jira Service Management adds the possibility of linking multiple different Confluence spaces to one service portal, making it possible to further expand knowledge base article coverage for your Service Management agents and customers alike.

Not yet taking advantage of the knowledge base features? Check out Set up a knowledge base for self-service on atlassian.com to learn more! 

Enhanced emoji experience

Easily the most important thing in this release of Confluence: the possibility of adding your own emojis. Yes, finally.

Get your stories straight with the appropriate faces. You can use the feature for boring business stuff by - as an example - slapping in company logos and using them for serious documents. Or you can add an animated facepalm gif to be used for comment reactions in those very documents.

And because the ability to upload your own emojis is enabled for all users by default, you might end up with something that you’d rather not have in there. Something like a 17th variation depicting a steaming pile of manure. That’s taking it a bit too far. 16 ought to be enough to cover all possible use cases. System admins now have a dedicated UI for managing the uploaded emojis, allowing viewing them all at once with the option for deleting the unwanted ones.

You can also disable the feature. This will take away the upload rights from mere mortals, but will still retain a special privilege for Confluence system admins to add custom emojis anyway.

Tart up your tables

Get your feng shui right with the brand new vertical alignment options, familiar from such classics as the 1997 W3C hit “HTML 3.2”. You can now align the content of your table cells with “top”, “middle” and “bottom” in Confluence as well.

Copy space improvements

The copy space feature has been enhanced to cover more settings of the original space.

Space header, sidebar, footer, and PDF stylesheets from the look and feel configurations are now included by default in the copy, as are comments pinned to attachments in pages and blog posts.

You also now have the option for copying watchers of pages, blog posts, and the original space itself.

Targeted reindexing

If your Confluence needed reindexing, previously the only option was to reindex the whole site in an attempt to recover bits missing from search or content indexes.

With the targeted space reindexing introduced by this release of Confluence, you can save time and minimize disruptions by performing targeted reindexing on only those spaces where your users have reported cases of missing content or lackluster search results.

App highlights

IFrames for Confluence with breaking changes

To close potential cross-site scripting (XSS) attack vectors, the iframe sandbox default values have been changed to disable all sandbox options. Whilst it improves security, the downside is that existing iframes are likely to break. According to the app vendor, there was no good way of detecting how or why each individual iframe fails, making it impossible to implement automation for fixing them.

If you find your iframes broken after the update, please don’t hesitate to reach out to your Eficode ROOT support team. We can help with troubleshooting and fixing.

See the Iframes for Confluence version history on marketplace.atlassian.com or more information on this change.

Scroll Versions and Scroll Translations

With the end of Confluence Server looming in the very near future, the app vendor K15t is also shifting their development efforts away from Scroll Versions and Scroll Translations apps. Both will still be maintained for the foreseeable future, but the focus is on compatibility and security updates, not on new features anymore.

Going forward, the vendor is investing in Scroll Documents making it not just worthy but a better solution for versioning and documentation needs on Confluence. To help users with migration, this release of Scroll Versions adds a global configuration option that allows getting an overview of all spaces using any Scroll Versions features with a report showing which features are used and in what way. This report can be used as a starting point for migration to Scroll Documents.

Check out the Scroll Versions 4.5.2 release notes on k15t.com for further details. 

Table Filter and Charts

The table data management extension Table Filter and Charts receives an update to version 10. This update introduces a new macro called Spreadsheet from Table, which allows transferring your regular table or a table displaying an output of a macro into a Table Spreadsheet.  There’s also a possibility to display clickable web links in Table Spreadsheet Include.

Refer to the Table Filter and Charts for Confluence version history on marketplace.atlassian.com for a full list of changes and fixes

Target branch rules for MRs

Using more than one long-term branch for development? With the new target branch rules you can simplify your development workflow and help ensure merge requests target the appropriate branch.

For example, you could configure rules where branches matching “feature/*” would target branch develop whereas “release/*” would go to master. When a developer creates a merge request, GitLab checks the name of their branch and pre-selects the matching target branch based on the configured rules.

PDF export from wiki pages

Starting with this release of GitLab, it is now possible to export individual wiki pages as PDF files with built-in functionality. No need for separate Markdown-to-PDF conversion utilities or copying-and-pasting stuff anymore.

Audit events for deployment approval and approval rule changes

In previous versions of GitLab, the deployment approvals were not part of audited events. In some cases, this could have clashed with the compliance requirements in regulated industries.

With GitLab 16.5 this is not a problem anymore. There are new audit events for deployment approvals as well as for deployment approval rule changes. The events are triggered whenever deployment approval rules or approval rules for protected environments are changed.

Compliance standards adherence report

This feature is available on the Ultimate subscription.

The Compliance Center in GitLab now includes a tab for a Standards Adherence report. In this initial version, it applies a GitLab best practices standard to show which projects in your group meet the requirements for the checks in the standard.

This version of the feature includes three checks:

• Approval rule exists to require at least 2 approvers on MRs.
• Approval rule exists to disallow the MR author to merge.
• Approval rule exists to disallow committers to the MR to merge.

The generated report contains details on the status of each check for each project. It’ll also have a timestamp for when the standards adherence check was last run, which standard the check applies to (currently only “GitLab”) with suggestions for fixing possible failures shown on the report.

Future releases of the Standards Adherence report functionality will add more checks and will extend the scope to cover more regulations and standards.

And a lot more

As always, the detailed list of updates and changes in GitLab 16.5 is available on the GitLab 16.5 release announcement on gitlab.com.

Core

Jenkins Core gets upped to the latest LTS. It’s an evolutionary update to the existing release, with a small number of fixes for bugs encountered. Nothing much to report.

Plugins

On the ecosystem side, we do have noteworthy items for November.

The Artifactory plugin introduces a breaking change for Gradle users. Running Grandle builds with Artifactory plugin now requires Gradle version 6.8.1 or above. This is due to the added support for the Gradle Version Catalog feature. Please refer to the Jenkins Artifactory Plug-in documentation on jfrog.com for further details on this change.

Atlassian Bitbucket Server Integration plugin gets an update to a new major version 4.0.0, which adds new pull request discovery behavior for Multibranch Pipeline jobs. It allows the job to discover open pull requests in Bitbucket and trigger builds for each one of them. Check out the documentation for pull request discovery on github.com/jenkinsci to find out how to take the new feature into use in your Pipeline.