This release note is in progress
Summary 🌟
In this release note, we've introduced new automation tools, an option to abstain, and enhancements like date and time synchronization, along with styling fix and updates.
...
New Features 
Automation step
New type of definition step, ‘Automation Step’ has been added.
...
Automation step has features listed below.
Change Page Status
Add a Comment on Page
Add/Remove Label(s)
Set Entity Property
Abstain option
Abstain option has been implemented. This option was added due to customer’s feedback. Abstain allows approvers to express vote of abstention, it also works as silent approval. Here is available Abstain Option documentation for details.
...
Success step
Previously, we implemented rejection step which enables automation when an approval is rejected. For same logic, we launched success step. In Definition view, now both success step and rejection step is available. Available step types are Automation and Webhook. Documentation for step-by-step can be found in Success Step and Rejection Step
Improvements
...
Replace icon for 'no result' - dashboard
Replace old ES icon with magnifier icon
User Verification Required for New SAML Workspace
We have improved the system that all date and time displays across Confluence, including approval timestamps, comments, and various views to reflect the user's configured time zone and locale settings based on their Atlassian account preferences or browser settings.
...
SAML workspace setup process by introducing a mandatory user verification step. This ensures that only authorized users can create or join a new SAML workspace.
Improved JQL Filtering by Labels
Added text input support for label filtering in JQL. Previously, labels couldn't have spaces or special characters, causing errors. This restriction has been removed, allowing more flexible label usage.
Improved Board Share: Strikethrough for "Done" Status
Added strikethrough text to the status of issues marked as "Done" on both boards and custom boards. This enhancement visually distinguishes completed tasks from ongoing ones, improving clarity.
Improved Link Management: Drag and Drop for Order
We enhanced the error handling for automation steps in Confluence.
...
Added drag-and-drop functionality to reorder links in Global Settings > Page Customization > Header/Footer. Previously, once a link is added, you couldn’t change how they were placed. Now, you can easily rearrange links to improve organization.
We improved Confluence REST API for retrieving bulk users by account ID. This updated new method reduces time needed to access multiple accounts.
Improved approval path login page update
The styles of buttons on the login pages, such as the ‘Send me login link’ and ‘Login’ buttons, have been updated.
Bug Fixes
...
Implemented a confirmation popup for the "Restore default values" button in Global Settings > Page Customization. This change prevents accidental loss of changes by requiring user confirmation before resetting settings to default.
Bug Fixes
Nullpointer in filter view timetracking
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFJ-1137 |
|---|
|
Igor Hercer
Workspace validator blocks saving Global Settings
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFJ-1130 |
|---|
|
We resolved an issue where the comment author prefix was not appearing in Jira when comments were added via External Share. After the fix, comments now correctly display the author's name.
Make a small window in you browser
Observe the behavior
Fixed Error When Filtering by Project on Shared Filter Page
Previously, when users entered a project name in the search input, an error page was displayed. After the fix, the system now correctly displays issues or results from the searched project as expected. Additionally, filtering using multiple projects via JQL is now fully supported without errors.
Unauthorized Share Deletion Vulnerability Fixed
We addressed a critical security issue where users with customer privileges in a Jira Service Desk portal could delete external shares, even without direct Jira access. The vulnerability allowed customers to obtain a valid JWT and delete shares created by Jira administrators, compromising the integrity of shared information. This issue has now been fixed, and external shares are secured from unauthorized deletion. All operations related to shares—list, get, update, delete, and email notifications—have been thoroughly tested and verified to function correctly across different pages and roles.
Unauthorized Modification of Board Card Settings Vulnerability Fixed
We addressed a security vulnerability where a "customer" user, self-registered on a Jira helpdesk portal, could modify the board card settings in Jira without direct access to the system. The issue allowed attackers to obtain a valid JWT and manipulate the configuration of board cards, compromising the integrity of external shares. This vulnerability has been resolved, ensuring that only authorized users can modify board card layouts, and external attackers are now blocked from altering these settings.
Cross-Instance IDOR Vulnerability Fixed in Jira Share Settings
A new step container took the full width of the page, prevented the user from reaching the bottom of the page. Now user can reach the bottom of the page with fields.
...
We resolved a critical broken access control vulnerability in the Jira external share application that allowed an attacker from one Jira instance to modify external share settings in a different Jira instance. This vulnerability occurred when attackers used the GID (globally unique identifier) of a share to alter settings, such as changing the board configuration, issue displays, and permissions, compromising the confidentiality and integrity of shared data.
With this fix, external share settings are now protected from unauthorized cross-instance modifications, ensuring that only users with proper permissions can alter these settings.
Cross-Instance IDOR Vulnerability Fixed: Unauthorized Access to Jira API Key Usage History
We fixed a severe cross-instance IDOR (Insecure Direct Object Reference) vulnerability in the Jira external share application. This flaw allowed attackers to access the API key usage history of any other Jira instance. The issue occurred when an attacker, authenticated in their own Jira instance, could use a JWT to retrieve sensitive information, such as request details, IP addresses, user agents, and API key activity from a victim's Jira instance.
With the fix, the confidentiality of API key usage data is protected, and only authorized users within the same instance can access this sensitive information.
Fixed Issue with allowCreateNewIssue Field Not Set During Share Creation
Text input was breaking the border of ‘add a comment on issue’ window in Automation step page and in Condition window from definition page. After fix, the text appears safely contained in the windowWe resolved an issue where the allowCreateNewIssue field was not being set during the creation of a new share in Jira. This caused the permission to create new issues via the external share to remain disabled by default. After the fix, the allowCreateNewIssue field is correctly set during share creation, ensuring that the intended permissions are applied consistently.
Custom board - unable to start watching issues
Previously, attempting to watch issues resulted in an error. This bug has been fixed, and users can now successfully watch all issues on custom boards without errors.
Fixed Dark Mode CSS Styling Issues
We fixed CSS styling issues in dark mode where "Issue Type - Description" and "Timeline - Filters" had unreadable whitish backgrounds with gray text. The colors are now adjusted for better visibility and readability.
Fixed Dark Mode CSS Styling Issues
We fixed CSS styling issues in dark mode where "Issue Type - Description" and "Timeline - Filters" had unreadable whitish backgrounds with gray text. The colors are now adjusted for better visibility and readability.
Fixed Frontend Error: 'undefined' Provided Instead of Stream
We resolved an error where 'undefined' was given instead of a valid stream type
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFJ-1071 |
|---|
|
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFJ-1067 |
|---|
|
Resolved an issue where extra space appeared when using the "Group By" filter on boards and custom board shares for fields like Epic and Assignee.