Eficode ROOT's release note for October 2022: the new Jira 9, and latest updates from JFrog, Jenkins, GitLab, and GitHub.

The Jira is dead, long live the Jira!

UI changes for issue statuses and transitions

This is most likely going to be the very first thing you notice after the Jira 9 update. O button, where art thou?

Issue statuses and transitions have been moved from separate buttons to a single, easy-to-use Issue status menu.


The issue status menu button label indicates the current status of an issue. Inside the status menu, you’ll find the set of issue statuses, transitions and current workflow applicable to your issue. Pretty neat, is it not?

Safeguards for heavy bot use

Heavy automation of tasks can sometimes cause side effects that are a bit too heavy. Safeguards can help keep your bots in check by allowing system administrators to moderate a user group’s activity with a global limit on the number of items the members of the group can create. For example, you can limit the number of comments a bot account can add to an issue.

When Safeguards is enabled with limits set, it’ll notify Jira System Administrators when certain thresholds are close to being reached.

Check out the documentation for Safeguards at atlassian.com for more on this feature. 

Automation for all

Have you ever wondered what the meaning of all of this is, whatever this might be (life, perhaps), while hacking away at the same old tedious, repetitive nonsense in your Jira project again? A certain uneasiness that kind of comes and goes, maybe because this is not quite the life and career you once envisioned, young and enthusiastic? The “is it just me, or is the whole world a bit… pointless?”.

Well, we’ve got something that could just do the trick for getting a little bit of that life back.

Jira Data Center now ships with Automation for Jira as a native feature. As the name implies, you can use Automation to build, err, automation for your processes and workflows. These automated activities are based on the key concept of automation rules. Rules are made up of three parts: triggers, conditions and actions. A trigger sets the whole thing in motion, conditions refine the rule so that it applies only when the appropriate parameters are met, and lastly, the action describes the task to perform.

As the feature is now integrated into Jira Data Center, you can get started with it as soon as your Jira on Eficode ROOT has been updated to the October patch level! Automation features are available in both Jira Software and in Jira Service Management.

Learn more about Jira Automation on atlassian.com

Performance improvements across the board

Making Jira quicker and more efficient has been a bit of a theme with the Jira releases of late, and our dear Jira 9.2 here is no different.

The performance of background task processing has been improved by optimizing the Pretty Simple Message Queue (PSMQ) operations.

The page load times for Jira Backlog and Board agile views have been improved. Jira 9.1 implements two new caches for holding Sprint data readily available with fast cache population, making actions such as opening an Agile board much quicker. Jira 9.2 continues the trend of making Agile faster by optimizing the content associated with these views, removing polyfills from the frontend, and decoupling the Agile reports resources from the views.

OAuth 2.0 support for outgoing mail

Jira 8 added support for OAuth 2.0 for inbound mail; Jira 9 takes it one step further by adding OAuth 2.0 support for outbound mail servers (SMTP) as well. Not only does this provide the means for modern and secure SMTP authentication, but with Microsoft and Google phasing out ye olde password authentication (circa 2nd millennium) in favor of OAuth 2.0, you can keep sending your mails through their services. Like a boss.

Advantageous advancements for Advanced Audit Log

This release of Jira ships with new functionality which allows excluding some events from being recorded without changing the overall log level in advanced audit log. Jira System Administrators can adjust the exclusion settings directly from the Jira Administration UI.

Jira Service Management adds a new audit log for tracking your email channels. With the new logging facility, you can easily make sure that all the incoming mails are processed correctly. The audit log adds a processing log that shows all the messages received from the connected email account, with the possibility of searching and filtering to find specific emails. There’s also a connectivity log that tracks the attempts and results of connections to the configured mailboxes.

And then some

Jira 9 is a big release, and there’s a lot more to it. Naturally, it’s not only about features: the new version also ships with corrections to annoying niggles and problems in the current version. Yes, there’s also a fix for the funky behavior of the LDAP directory synchronization.

Take a dive into the Jira Software Release Notes at atlassian.com and Jira Service Management Release Notes at atlassian.com to find all the changes and updates in this release. 

News from the ecosystem

These are some of our plugin highlights for this release of Jira on Eficode ROOT but it’s just the tip of the iceberg. With the vast amount of plugins in circulation, it would not make sense to cover all of the changes in our limited space here. Please do reach out to your friendly Eficode ROOT Support to find out what’s what when it comes to your plugins.

Adaptavist ScriptRunner for Jira

The October release of Eficode ROOT bumps ScriptRunner for Jira from 6.x to 7.1.0.

This release includes an awaited update to Groovy 3. The language parser has been reimplemented in Groovy 3, bringing a number of syntax improvements that move the syntax closer to that of modern Java. There are also additional operators, for example !in and !instanceof, === and !== for identity comparison, and a null-safe subscript operator.

But there are also known breaking changes in Groovy 3. Some classes have been relocated to different packages (see the details at groovy-lang.org). And there are some additional breaking changes carried by the Groovy 3 release, for which details can be found in the Release notes for Groovy 3.0 at groovy-lang.org. Be sure to check out the ScriptRunner 7.x Release Notes at adaptavist.com as well.

Checklist for Jira

The checklist for Jira gets a bump to release 6.2.0 with a bunch of improvements, features, and some breaking changes as well:

  • Templates have received usability improvements: the template list is available in issues, templates now have owners, users can favorite templates, and admins can pin them.
  • Checklist for Jira can now be integrated with Automation using the checklist changed trigger, checklist condition, and import template action.
  • The allMandatoryItemsChecked() search function has a breaking change: before this release, the function returned issues where the checklist either had all of its mandatory items checked or contained no mandatory items at all. With this release, the function does not return issues that have 0 mandatory items anymore, only those with 1 or more.

Check out the Checklist for Jira release notes at okapya.atlassian.net for other changes in this release. 

Structure - Flexible Jira Project Management

Structure version 8.1.1 delivers the following updates:

  • New bundled formulas and easier access to the formulas
  • Calendar support for the Time in Status Column
  • Project Lead data for project groups
  • Various updates and fixes

On the JFrog Platform things this October are a bit more modest: Artifactory gets a bug-slashing patch update, complemented by a good amount of new features for Xray.

Impact Analysis gets a performance boost

Whenever a new vulnerability is published or when the data for an existing vulnerability is updated, its impact on your artifacts is re-analyzed. With a large number of artifacts and components, this can lead to performance issues. To avoid this, the impact analysis process is now applied only to CVEs classified as High Profile by the JFrog Security CVE Research and Enrichment, rather than to all CVEs as before.


And when a license for a package is updated in the Xray database, this information is reflected only on artifacts scanned after the fact, not on all previously scanned artifacts.

New Scans List page

This release of Xray introduces a new Scans List page, which combines Xray scan details for repositories, builds, release bundles, and packages into a single, tabbed view.


Jenkins’ Java 8 support will be ending, but not quite yet. In October, our favorite butler gets refreshed with a round of plugin updates.

Breaking change in HTTP Request plugin

Using plain text credentials for anything is always a risk. The HTTP Request plugin in its early form allowed you to specify request credentials directly in the job configuration. This feature was deprecated over 2 years ago in favor of the more secure Credentials plugin, where everything is always encrypted.

This release will finally do away with the plain text credentials completely. There is no automatic migration; the plain text usernames and passwords will simply be erased. If you are aware of old(er) projects using the HTTP Request plugin, please make sure that they have already been properly set up with a modern stored credential.

See the Releases of HTTP Request plugin at jenkins.io for more. 

About the Jenkins Core update

Last month we promised to update Jenkins to the latest LTS in October. Nobody wants to go back on their word.

We’ve weighed the facts. We’ve swallowed our collective pride. And we’ve decided to reschedule the Jenkins update to November. In our minds it’s the right thing to do.

Recently we conducted some exploration into the contents of the Jenkins instances we nurture, and came across a bit more of those Maven Project / Java 8 jobs than anticipated. While the inevitable end-of-the-road for Java 8 has not been a secret, we may not have emphasized the importance of migrating to Java 11 early enough.

Missed the whole Java 8 kerfuffle? Our "What's New" for September describes the change and its impact in more detail.

As of now, Eficode ROOT is planning to follow the GitLab release cycle (monthly, on the 22nd, like clockwork) and release a new version every month. This does not mean that we will give up our critical acceptance traditions. We’ll still carefully evaluate and consider each and every version.

Easy start with Pages

GitLab 15.4 ships with the first manifestation of the new Pipeline Wizard facility: a wizard for setting up your .gitlab-ci.yml with appropriate configuration for getting started with GitLab Pages. Stab in some basic details about your project, press a button and receive .gitlab-ci.yml. Decent.

Now that the Pipeline Wizard has been brought out, you can look forward to seeing more of these onboarding helpers appear in GitLabs in your region.

Assignees to a task

Our September release enabled the Task management feature (first introduced in GitLab 14.5, refined in 15.0), which could very well be the starting point of a big transformation. Time will tell if this is the case.

With GitLab 15.4 task management gets a welcome extension in the form of task assignees. You can now assign tasks to one or more persons in your GitLab instance. Assigned tasks can be accessed from your personal issues dashboard in the app.

Automatic disabling of failed webhooks

To protect GitLab from potential abuse or simply misconfiguration - and also to protect other systems from the same - GitLab has implemented a feature to automatically disable webhooks that are consistently failing.

Webhooks that return 5xx response codes are considered to be failing intermittently or temporarily. These webhooks are initially disabled for 10 minutes, which is extended on each retry up to a maximum of 24 hours.

And those webhooks that are getting a 4xx error code get disabled permanently.

Project owners and maintainers will see a “Webhook disabled” notification in the app whenever auto-disabling has been triggered.

Bug fixes and a lot more

GitLab 15.4 also ships with improved CI/CD integration for VS Code, data-driven JSON based tables for Markdown, and much more. GitLab Runners also get a bump to release 15.4.0.

The complete changelog can be found in the GitLab 15.4 release announcement on gitlab.com.

The October release of Eficode ROOT will ship with a new GitHub Enterprise. See our highlights below.

Improved protocol security for Git connections

This release changes the supported algorithms and hash functions for all SSH connections towards the GitHub Enterprise server: support for DSA keys and legacy algorithms such as HMAC-SHA-1 and CBC ciphers is removed, newly added RSA keys must use a SHA-2 hash, and there’s an option for administrators to enable support for Ed25519 host keys.

And most importantly, the unencrypted Git protocol (git://) will be turned off.

More background for the change can be found in the Improving Git protocol security on GitHub Enterprise Server blog post at github.blog.
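
An added example, not part of the original release notes or of GitHub's own tooling: a POSIX shell audit for client-side settings that the changes above affect (git:// remotes, DSA keys, and ssh_config lines naming CBC ciphers or SHA-1 MACs). The function names, the host ghe.example.com and all sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the release notes: flag client-side settings
# affected by the SSH and Git protocol changes described above.

# List remotes that use the unencrypted git:// protocol.
# stdin: `git remote -v` output (name, URL, "(fetch)" or "(push)").
find_git_protocol_remotes() {
  awk '$2 ~ /^git:\/\// { print $1 " " $2 }' | sort -u
}

# Classify one OpenSSH public-key line (.pub file or authorized_keys entry,
# where an options field may precede the key type).
classify_pubkey() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i <= NF; i++) {
      if ($i == "ssh-dss") { print "dsa-removed"; exit }
      # The signature hash is negotiated at login, not stored in the key.
      if ($i == "ssh-rsa") { print "rsa-needs-sha2-signature"; exit }
      if ($i == "ssh-ed25519" || $i ~ /^ecdsa-sha2-/) { print "ok"; exit }
    }
    print "unknown"
  }'
}

# List ssh_config lines that name CBC ciphers or SHA-1 MACs, for review.
# A leading "-" removes algorithms from the defaults, so it is skipped.
find_legacy_ssh_options() {
  awk '{ key = tolower($1) }
       $2 ~ /^-/ { next }
       key == "ciphers" && $2 ~ /-cbc/      { print NR ": " $1 " " $2 }
       key == "macs"    && $2 ~ /hmac-sha1/ { print NR ": " $1 " " $2 }'
}

# Constructed sample input; on a real host, pipe in `git remote -v`,
# the lines of ~/.ssh/*.pub, and ~/.ssh/config instead.
demo() {
  printf 'origin\tgit://ghe.example.com/team/app.git (fetch)\n' |
    find_git_protocol_remotes
  classify_pubkey 'ssh-dss AAAAconstructed user@example'
  printf 'Host ghe.example.com\n  Ciphers aes128-cbc\n  MACs hmac-sha1\n' |
    find_legacy_ssh_options
}
demo
```

A flagged ssh_config line only needs changing if it leaves no non-legacy algorithm on offer; lines that list a modern algorithm alongside a legacy one keep working.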

Actions man with a… plan

This release of GitHub improves the Actions experience. The improvements include such actionable acts as:

- Ability to pass secrets from the main workflow to a reusable workflow with a simple secrets: inherit setting.

- Possibility of generating a Markdown page to summarize results of a job as part of an Actions workflow.

- Option to enable debug logging for workflow execution to aid in diagnosing and troubleshooting misbehaving workflows.

Audit log streaming public beta

GitHub Enterprise 3.6 introduces support for streaming audit log and Git events to Amazon S3, Azure Blob Storage, Azure Event Hubs, Google Cloud Storage or Splunk. The feature is still in its beta version, therefore it is subject to change.

Check out Streaming the audit log for your enterprise on github.com for more.

And there’s more… of course

This release also contains various GitHub Advanced Security features and improvements, such as webhook events that trigger when someone enables or disables a code security or analysis feature, secret scanning for changes made in the web UI, and an audit log trail for secret scanning alerts and scanner bypasses for Enterprise owners.

Head on over to GitHub Enterprise 3.6 Release notes at github.com to learn about the changes in this release of GHE.

Published: October 4, 2022
