Jira Release Notes

Jira Software 11.3 Long Term Support (LTS)

We're pleased to present Jira Software 11.3 Long Term Support (LTS).

Highlights

• End-of-life policy
• What's changed since the last LTS release
  • Top features
  • Critical bug fixes
• Performance reports
• Supported platforms changes
• Known issues
• App developers
• Upgrade steps
• Resolved issues

Jira Software 11.3 is a Long Term Support release

This means we'll provide bug fix releases until Jira 11.3 reaches its end-of-life date (December 3, 2027) to address critical security, stability, data integrity, and performance issues.

Ready to upgrade? Check out the release notes for a summary of changes since 10.3 LTS.
If you’re upgrading from Jira 9.x or Jira 10.x, see Upgrading Jira applications for all the necessary steps.

More

See the full list of issues resolved.

Compatible applications

If you're looking for compatible Jira applications, look no further: Jira Service Management 11.3 release notes.

End-of-life policy

Atlassian supports feature versions for two years after the first major iteration of that version was released. Once a version reaches its end of life (EOL), we’ll no longer provide support for it. Here are the EOL dates for Jira Software 11.3, 10.3, and 9.12:

• Jira Software 11.3: 3 December 2027
• Jira Software 10.3: 5 December 2026
• Jira Software 9.12: 29 November 2025

For more information, see the Atlassian Support end-of-life policy.

What's changed since the last LTS release

Jira 11.3 is a Long Term Support (LTS) release. It contains all features introduced since the last LTS version, Jira 10.3, and provides fixes for known issues in this version.
If you’re interested in learning more about a specific type of improvement, you can go to one of the following sections:

• Changes introduced in this release
• Top features
• Critical bug fixes

Changes introduced in this release

Cloud connectors for hybrid integrations
For: ADMINS
We’re introducing cloud connectors to help you connect Data Center and cloud through the Atlassian Admin Hub. Now, you can set up and manage Rovo and Portfolio Insights connectors in one place, with OAuth 2.0 securing every authentication and authorization flow.
Details on configuring cloud connectors
Your existing Portfolio Insights and Rovo connectors will keep working with OAuth 1.0. Portfolio insights security key will expire in 180 days after it was set up. You can switch Portfolio insights to cloud connectors with OAuth 2.0. To do so, follow these steps to upgrade Portfolio Insights to cloud connector.
We don’t recommend switching your existing Rovo connectors to cloud connectors yet because this will trigger reindex and may cause issues.
In-product integrations, like using Confluence as a Jira Service Management knowledge base, continue to work as well. If you’re using older connection methods, such as the Cloud Companion app or application tunnels, these will still work, but we recommend switching to cloud connectors as you upgrade.
Read more about available ways of integrating Data Center and cloud

New MailboxCleanupService job
For: ADMINS
We introduced a new message handler to keep mail servers clear of unprocessed messages skipped by mail fetchers. The new MailboxCleanupService message service clears mail servers of messages unfit to be processed by mail fetchers, keeping the number of messages to process in check.
When active, MailBoxCleanupService runs every 24 hours and either marks messages as read or, if it’s running on a POP server, deletes them. This job is inactive by default. To enable it, to the secure/SiteDarkFeatures!default.jspa page, add com.atlassian.jira.mail.mailboxcleanup.enabled.
Notes:

• MailboxCleanupService uses the same cluster locks as the mail fetcher services. If a mail fetcher service has already obtained the lock, the job skips processing the mailbox related to that service. A retry job is scheduled to run after a minute.
• To ensure that the retry job can process skipped messages smoothly, a flag interrupts mail fetcher services processing messages, so that they release the lock. This gives the new job the opportunity to obtain the lock and process the messages.

Date Picker default datetime format
We changed the default datetime format for the Date Picker component in Jira from dd/MM/yy to dd/MM/yyyy. This change does not affect custom formats defined for Date Picker on existing instances.

Important updates introduced in Jira 11.2

Welcome OpenSearch in Jira Data Center
For: END USERS ADMINS
OpenSearch is now fully supported for production use. You can configure Jira to use OpenSearch as your search platform, either on premises or as a managed service like AWS OpenSearch Service.
We recommend switching to OpenSearch because it offers performance, scalability, and reliability improvements over Lucene.
OpenSearch in Jira isn’t just about searching — it supports everything you do, from loading boards and viewing backlogs to generating reports and working with issues. Because so many core actions rely on search, OpenSearch’s speed, consistency, and reliability have a direct impact on your team’s productivity and experience. By using OpenSearch instead of Lucene, you’ll be able to speed up you Jira, reduce the number of required Jira nodes, and use cheaper hardware.
To understand the differences between OpenSearch and the default Lucene search platform, review the OpenSearch for Jira Data Center guide.
You might also want to get familiar with our previous OpenSearch documentation:

• Configure OpenSearch for Jira
• OpenSearch hardware recommendations for Jira
• Search API deprecations and upgrade guide for Jira 11
• Migrating FieldIndexers in Jira 11
• Migrating Lucene collectors to Search API in Jira 11

Top features

Here's a summary of the great new features that await you after upgrading to Jira Software 11.3.
The summary of changes is divided by the versions in which they were released, but it doesn't mean you have to upgrade through each version separately. You can go straight from 9.12 or 10.3 to 11.3.

Release Summary Release notes
11.3 Cloud connectors for hybrid integrations New MailboxCleanupService job Date Picker default datetime format Jira Software 11.3 release notes
11.2 Welcome OpenSearch in Jira Data Center New limit of 10,000 items on a board Optimize your instance with safeguards Optimize your custom fields One place to clean them all Strengthen sysadmin and OS access separation Protect your Jira nodes with JQL resilience Connect securely with OAuth 2.0 for app links Rate limiting now supports OAuth 2.0 Deprecation of Browse Project properties in workflows Indexing and snapshots improved with OpenSearch Handle large tables with Cluster message cleaning service React 18 and Atlaskit upgrade in Jira 11.2 Jira mobile plugin removal Jira Software 11.2 release notes
11.1 Find missing issues in Advanced Roadmaps for Jira Manage your integrations and automations with service accounts Sign SAML authentication requests Jira Software 11.1 release notes
11.0 Introducing the Jira Data Center connector for Rovo Removal of the deprecated Text gadget End of support for the Original theme New look and feel for Advanced Roadmaps for Jira Changes to issue sources filter for unsaved issues in Advanced Roadmaps for Jira Strict permission handling in Advanced Roadmaps for Jira Changes to System Dashboard operations Sorting on TEXT entity property Upgrade from ProForma Lite to ProForma Full View your repo health with Sync history New backend issue limit for Advanced Roadmaps for Jira App signing is now enabled by default for app installations Check indexing stats in JMX Faster user management Simplification of multipart handling in WebWork Removal of Trusted apps Jira Software 11.0 release notes
10.7 Dates now follow profile timezone in Jira automation Improve Jira performance with Instance optimizer Redirect email replies for Jira notifications Feature flags removal New entry in deserialization blocklist Jira Software 10.7 release notes
10.6 New database integrity check for validating issue links New API endpoint for reciprocal issue links Remove deleted users marked as inactive Jira Software 10.6 release notes
10.5 Secure app installations with app signing Save time and space with more control over data pipeline exports New Aggregate API now available Deprecation of Lucene-specific modules End of Velocity method allowlist debug mode Email notification character change limit Jira Software 10.5 release notes
10.4 Automation queue supportability improvements Rotate your encryption keys like clockwork Customize the order of issue link types New Jira Stats logging location New Search API now available Jira Software 10.4 release notes
10.3 Dark theme is officially here Light theme becomes the new default Jira Software 10.3 release notes

Critical bug fixes

Every release contains a bunch of bug fixes. Here is the list of fixes to issues with critical severity since version 10.3.

Release Summary

• 11.3 No issues found
• 11.2 No issues found
• 11.1 No issues found
• 11.0 1 issue: Adding a user to a role or creating a customer is slow for roles in projects with many user role assignments
• 10.7 4 issues
• 10.6 1 issue
• 10.5 1 issue
• 10.4 1 issue
• 10.3 5 issues

Performance reports

We run extensive performance tests to compare our Long Term Support releases to see how the new features affect Jira, and to make sure we’re not introducing any performance regressions. LTS releases are usually a few versions apart, so the improvements in performance are much more visible than between smaller, feature releases.

• Jira Service Management 11.3.x Long Term Support release performance report

Supported platforms changes

End of support
We've removed support for:

• JDK 17
• PostgreSQL 12
• PostgreSQL 13
• PostgreSQL 14
• PostgreSQL 15
• MSSQL Server 2017
• MySQL 8.0
• Oracle 18c

Deprecated support
We’ve deprecated support for:

• PostgreSQL 16
• MSSQL Server 2019
• Oracle 19c

Confirmed support
We’ve confirmed support for:

• JDK 21
• MySQL 8.4
• Oracle 23ai
• PostgreSQL 17

This version of Jira runs only on Java 21.
For the list of supported platforms, see Supported platforms.
For previous announcements, see End of support announcements.

Known issues

This section contains information about any issues that we’ve discovered in our testing. We’re constantly keeping an eye out and if we find anything, we’ll let you know right here.

App developers

See Preparing for Jira 11.3 for any important changes regarding apps.

Upgrade steps

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Resolved issues

Issues resolved in 11.3.0
Released on 3 December 2025

• Bug JSWSERVER-26483 Disabling the HTML renderer in the field description breaks the description of fields like Team, Parent link,etc CLOSED
• Bug JSWSERVER-26424 Team field value for a subtask is getting stored in the “entity_property” table CLOSED
• Bug JSWSERVER-26423 "Webhook not installed" warning is shown in Jira 10.3.X though DVCS is working CLOSED
• Bug JSWSERVER-26314 Invalid use of RequestCache by thread: jira-stats (DVCSMessageCountByStateStats) CLOSED
• Bug JSWSERVER-21371 Autoscheduling plans after switch to new interface causes NumberFormatException CLOSED
• Bug JSWSERVER-16687 Unmapping a status from board columns affects reporting for all issues ever in that status CLOSED
• Bug JSWSERVER-15106 Some reports are not showing the correct data if the workflow is changed. CLOSED
• Bug JRASERVER-79185 After uploading new logo to look and feel the menu items are not visible in the Export and Tools dropdown CLOSED
• Bug JRASERVER-79179 Screen flickers while adding attachment via drag and drop with Chrome version 142.0.7444.135. CLOSED
• Bug JRASERVER-79126 Webhook payload generation is slow due to lack of caching in comment serialization CLOSED
• Bug JRASERVER-79125 Webhook payloads do not limit changelog items, causing performance and scalability issues CLOSED
• Bug JRASERVER-79124 Slow webhook payloads due to N+1 queries when serializing changelog items CLOSED
• Bug JRASERVER-79029 In Chrome, multi-select custom field with 10k+ options render slowly when using the multiselect.frother.renderer dark feature CLOSED
• Bug JRASERVER-33345 Mail Handler should better handle messages that are rejected due to recipient not matching catch mail list or bulk detection CLOSED
• Bug JRASERVER-31291 2-digit year on Jira Date Picker converted to 1900 if 20 years or more in the future CLOSED
• Bug JIRAAUTOSERVER-1159 Project Admin users who belong only to manually created groups and are added to Impersonate users in A4J can't change the rule actor CLOSED
• Bug JIRAAUTOSERVER-1036 High heap utilization during issue creation and linking issues CLOSED

Last modified on Dec 3, 2025

Original source Report a problem

Jira Software 11.3 Long Term Support (LTS)

Highlights

• End-of-life policy
• What's changed since the last LTS release
  • Top features
  • Critical bug fixes
• Performance reports
• Supported platforms changes
• Known issues
• App developers
• Upgrade steps
• Resolved issues

Jira Software 11.3 is a Long Term Support release

This means we'll provide bug fix releases until Jira 11.3 reaches its end-of-life date (December 3, 2027) to address critical security, stability, data integrity, and performance issues.
Ready to upgrade? Check out the release notes for a summary of changes since 10.3 LTS.
If you’re upgrading from Jira 9.x or Jira 10.x, see Upgrading Jira applications for all the necessary steps.

More
See the full list of issues resolved.

Compatible applications
If you're looking for compatible Jira applications, look no further: Jira Service Management 11.3 release notes.

End-of-life policy

Atlassian supports feature versions for two years after the first major iteration of that version was released. Once a version reaches its end of life (EOL), we’ll no longer provide support for it. Here are the EOL dates for Jira Software 11.3, 10.3, and 9.12:

• Jira Software 11.3: 3 December 2027
• Jira Software 10.3: 5 December 2026
• Jira Software 9.12: 29 November 2025
  For more information, see the Atlassian Support end-of-life policy.

What's changed since the last LTS release

Jira 11.3 is a Long Term Support (LTS) release. It contains all features introduced since the last LTS version, Jira 10.3, and provides fixes for known issues in this version.
If you’re interested in learning more about a specific type of improvement, you can go to one of the following sections:

• Changes introduced in this release
• Top features
• Critical bug fixes

Changes introduced in this release

Cloud connectors for hybrid integrations
For: ADMINS
We’re introducing cloud connectors to help you connect Data Center and cloud through the Atlassian Admin Hub. Now, you can set up and manage Rovo and Portfolio Insights connectors in one place, with OAuth 2.0 securing every authentication and authorization flow.
Details on configuring cloud connectors
Your existing Portfolio Insights and Rovo connectors will keep working with OAuth 1.0. Portfolio insights security key will expire in 180 days after it was set up. You can switch Portfolio insights to cloud connectors with OAuth 2.0. To do so, follow these steps to upgrade Portfolio Insights to cloud connector.
We don’t recommend switching your existing Rovo connectors to cloud connectors yet because this will trigger reindex and may cause issues.
In-product integrations, like using Confluence as a Jira Service Management knowledge base, continue to work as well. If you’re using older connection methods, such as the Cloud Companion app or application tunnels, these will still work, but we recommend switching to cloud connectors as you upgrade.
Read more about available ways of integrating Data Center and cloud

New MailboxCleanupService job
For: ADMINS
We introduced a new message handler to keep mail servers clear of unprocessed messages skipped by mail fetchers. The new MailboxCleanupService message service clears mail servers of messages unfit to be processed by mail fetchers, keeping the number of messages to process in check.
When active, MailBoxCleanupService runs every 24 hours and either marks messages as read or, if it’s running on a POP server, deletes them. This job is inactive by default. To enable it, to the secure/SiteDarkFeatures!default.jspa page, add com.atlassian.jira.mail.mailboxcleanup.enabled.
Notes:

• MailboxCleanupService uses the same cluster locks as the mail fetcher services. If a mail fetcher service has already obtained the lock, the job skips processing the mailbox related to that service. A retry job is scheduled to run after a minute.
• To ensure that the retry job can process skipped messages smoothly, a flag interrupts mail fetcher services processing messages, so that they release the lock. This gives the new job the opportunity to obtain the lock and process the messages.

Date Picker default datetime format
We changed the default datetime format for the Date Picker component in Jira from dd/MM/yy to dd/MM/yyyy. This change does not affect custom formats defined for Date Picker on existing instances.

Important updates introduced in Jira 11.2

Welcome OpenSearch in Jira Data Center
For: END USERS ADMINS
OpenSearch is now fully supported for production use. You can configure Jira to use OpenSearch as your search platform, either on premises or as a managed service like AWS OpenSearch Service. We recommend switching to OpenSearch because it offers performance, scalability, and reliability improvements over Lucene.
OpenSearch in Jira isn’t just about searching — it supports everything you do, from loading boards and viewing backlogs to generating reports and working with issues. Because so many core actions rely on search, OpenSearch’s speed, consistency, and reliability have a direct impact on your team’s productivity and experience. By using OpenSearch instead of Lucene, you’ll be able to speed up you Jira, reduce the number of required Jira nodes, and use cheaper hardware.
To understand the differences between OpenSearch and the default Lucene search platform, review the OpenSearch for Jira Data Center guide.
You might also want to get familiar with our previous OpenSearch documentation:

• Configure OpenSearch for Jira
• OpenSearch hardware recommendations for Jira
• Search API deprecations and upgrade guide for Jira 11
• Migrating FieldIndexers in Jira 11
• Migrating Lucene collectors to Search API in Jira 11

Top features

Here's a summary of the great new features that await you after upgrading to Jira Software 11.3.
The summary of changes is divided by the versions in which they were released, but it doesn't mean you have to upgrade through each version separately. You can go straight from 9.12 or 10.3 to 11.3.

Release Summary Release notes
11.3 Cloud connectors for hybrid integrations New MailboxCleanupService job Date Picker default datetime format Jira Software 11.3 release notes
11.2 Welcome OpenSearch in Jira Data Center New limit of 10,000 items on a board Optimize your instance with safeguards Optimize your custom fields One place to clean them all Strengthen sysadmin and OS access separation Protect your Jira nodes with JQL resilience Connect securely with OAuth 2.0 for app links Rate limiting now supports OAuth 2.0 Deprecation of Browse Project properties in workflows Indexing and snapshots improved with OpenSearch Handle large tables with Cluster message cleaning service React 18 and Atlaskit upgrade in Jira 11.2 Jira mobile plugin removal Jira Software 11.2 release notes
11.1 Find missing issues in Advanced Roadmaps for Jira Manage your integrations and automations with service accounts Sign SAML authentication requests Jira Software 11.1 release notes
11.0 Introducing the Jira Data Center connector for Rovo Removal of the deprecated Text gadget End of support for the Original theme New look and feel for Advanced Roadmaps for Jira Changes to issue sources filter for unsaved issues in Advanced Roadmaps for Jira Strict permission handling in Advanced Roadmaps for Jira Changes to System Dashboard operations Sorting on TEXT entity property Upgrade from ProForma Lite to ProForma Full View your repo health with Sync history New backend issue limit for Advanced Roadmaps for Jira App signing is now enabled by default for app installations Check indexing stats in JMX Faster user management Simplification of multipart handling in WebWork Removal of Trusted apps Jira Software 11.0 release notes
10.7 Dates now follow profile timezone in Jira automation Improve Jira performance with Instance optimizer Redirect email replies for Jira notifications Feature flags removal New entry in deserialization blocklist Jira Software 10.7 release notes
10.6 New database integrity check for validating issue links New API endpoint for reciprocal issue links Remove deleted users marked as inactive Jira Software 10.6 release notes
10.5 Secure app installations with app signing Save time and space with more control over data pipeline exports New Aggregate API now available Deprecation of Lucene-specific modules End of Velocity method allowlist debug mode Email notification character change limit Jira Software 10.5 release notes
10.4 Automation queue supportability improvements Rotate your encryption keys like clockwork Customize the order of issue link types New Jira Stats logging location New Search API now available Jira Software 10.4 release notes
10.3 Dark theme is officially here Light theme becomes the new default Jira Software 10.3 release notes

Critical bug fixes

Every release contains a bunch of bug fixes. Here is the list of fixes to issues with critical severity since version 10.3.

Release Summary
11.3 No issues found
11.2 No issues found
11.1 No issues found
11.0 1 issue
10.7 4 issues
10.6 1 issue
10.5 1 issue
10.4 1 issue
10.3 5 issues

Performance reports

We run extensive performance tests to compare our Long Term Support releases to see how the new features affect Jira, and to make sure we’re not introducing any performance regressions. LTS releases are usually a few versions apart, so the improvements in performance are much more visible than between smaller, feature releases.

• Jira Service Management 11.3.x Long Term Support release performance report

Supported platforms changes

End of support
We've removed support for:

• JDK 17
• PostgreSQL 12
• PostgreSQL 13
• PostgreSQL 14
• PostgreSQL 15
• MSSQL Server 2017
• MySQL 8.0
• Oracle 18c

Deprecated support
We’ve deprecated support for:

• PostgreSQL 16
• MSSQL Server 2019
• Oracle 19c

Confirmed support
We’ve confirmed support for:

• JDK 21
• MySQL 8.4
• Oracle 23ai
• PostgreSQL 17

This version of Jira runs only on Java 21.
For the list of supported platforms, see Supported platforms.
For previous announcements, see End of support announcements.

Known issues

This section contains information about any issues that we’ve discovered in our testing. We’re constantly keeping an eye out and if we find anything, we’ll let you know right here.

App developers

See Preparing for Jira 11.3 for any important changes regarding apps.

Upgrade steps

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Resolved issues

Issues resolved in 11.3.0
Released on 3 December 2025

• Bug JSWSERVER-26483 Disabling the HTML renderer in the field description breaks the description of fields like Team, Parent link,etc CLOSED
• Bug JSWSERVER-26424 Team field value for a subtask is getting stored in the “entity_property” table CLOSED
• Bug JSWSERVER-26423 "Webhook not installed" warning is shown in Jira 10.3.X though DVCS is working CLOSED
• Bug JSWSERVER-26314 Invalid use of RequestCache by thread: jira-stats (DVCSMessageCountByStateStats) CLOSED
• Bug JSWSERVER-21371 Autoscheduling plans after switch to new interface causes NumberFormatException CLOSED
• Bug JSWSERVER-16687 Unmapping a status from board columns affects reporting for all issues ever in that status CLOSED
• Bug JRASERVER-79185 After uploading new logo to look and feel the menu items are not visible in the Export and Tools dropdown CLOSED
• Bug JRASERVER-79179 Screen flickers while adding attachment via drag and drop with Chrome version 142.0.7444.135. CLOSED
• Bug JRASERVER-79126 Webhook payload generation is slow due to lack of caching in comment serialization CLOSED
• Bug JRASERVER-79125 Webhook payloads do not limit changelog items, causing performance and scalability issues CLOSED
• Bug JRASERVER-79124 Slow webhook payloads due to N+1 queries when serializing changelog items CLOSED
• Bug JRASERVER-79029 In Chrome, multi-select custom field with 10k+ options render slowly when using the multiselect.frother.renderer dark feature CLOSED
• Bug JRASERVER-33345 Mail Handler should better handle messages that are rejected due to recipient not matching catch mail list or bulk detection CLOSED
• Bug JRASERVER-31291 2-digit year on Jira Date Picker converted to 1900 if 20 years or more in the future CLOSED
• Bug JIRAAUTOSERVER-1159 Project Admin users who belong only to manually created groups and are added to Impersonate users in A4J can't change the rule actor CLOSED
• Bug JIRAAUTOSERVER-1036 High heap utilization during issue creation and linking issues CLOSED

Last modified on Dec 3, 2025

Original source Report a problem

Highlights

• Welcome OpenSearch in Jira Data Center
• New limit of 10,000 items on a board
• Optimize your instance with safeguards
• Optimize your custom fields
• One place to clean them all
• Strengthen sysadmin and OS access separation
• Protect your Jira nodes with JQL resilience
• Connect securely with OAuth 2.0 for app links
• Rate limiting now supports OAuth 2.0
• Deprecation of Browse Project properties in workflows
• Indexing and snapshots improved with OpenSearch
• Handle large tables with Cluster message cleaning service
• React 18 and Atlaskit upgrade in Jira 11.2
• Jira mobile plugin removal
• Changes to supported platforms
• App developers
• Upgrade procedure

Welcome OpenSearch in Jira Data Center

For: END USERS ADMINS

OpenSearch is now fully supported for production use. You can configure Jira to use OpenSearch as your search platform, either on premises or as a managed service like AWS OpenSearch Service. We recommend switching to OpenSearch because it offers performance, scalability, and reliability improvements over Lucene.

OpenSearch in Jira isn’t just about searching — it supports everything you do, from loading boards and viewing backlogs to generating reports and working with issues. Because so many core actions rely on search, OpenSearch’s speed, consistency, and reliability have a direct impact on your team’s productivity and experience. By using OpenSearch instead of Lucene, you’ll be able to speed up you Jira, reduce the number of required Jira nodes, and use cheaper hardware.

To understand the differences between OpenSearch and the default Lucene search platform, review the OpenSearch for Jira Data Center guide.

You might also want to get familiar with our previous OpenSearch documentation:

• Configure OpenSearch for Jira
• OpenSearch hardware recommendations for Jira
• Search API deprecations and upgrade guide for Jira 11
• Migrating FieldIndexers in Jira 11
• Migrating Lucene collectors to Search API in Jira 11

New limit of 10,000 items on a board

For: END USERS ADMINS

This limit applies only when you’re using OpenSearch. The default Lucene search platform isn’t affected, but you can also configure Lucene to enforce the same limit.

With the OpenSearch implementation in Jira, Scrum and Kanban boards can display up to 10,000 items. When a board is full, an admin needs to update the board filter to reduce the number of included issues. This update helps Jira scale for large enterprises, improves search performance, and prevents indexing bottlenecks.

To check the total number of issues on your board, go to Issues, then select Search for issues and apply your board’s filter. By default, you can view up to 10,000 issues. An admin can override this limit by setting the jira.search.platform.max.result.window property.

More about issue display limits on boards

Optimize your instance with safeguards

For: ADMINS

Jira Instance Optimiser now includes safeguards to help you stay within recommended limits for comments, custom fields, issue types, issues, and projects. These safeguards help maintain system stability and performance as your instance grows.

To set up the limits:

1. In the upper-right corner of your Jira application, select Jira administration, then select System.
2. In the sidebar, find Instance Optimizer and select Overview.
3. Select Configure safeguards.

You can enable or disable safeguard enforcement, and choose whether to receive email and in-app notifications. When usage approaches a set limit, system admins receive notifications. If a user tries to perform an action that would breach a safeguard, the action is blocked and the user receives a warning.

Explore how to configure safeguards in Instance optimizer

Optimize your custom fields

For: ADMINS

Instance optimizer now makes it easier to manage your custom fields. You can search, filter, and take bulk actions, including deleting custom fields directly from the recommendations page. You can also see more details about custom field usage and the impact of localizing these fields.

You can scan your custom fields to identify those with configurations that can be optimized. If your last scan is more than 24 hours old, you will need to re-scan to ensure you have the most up-to-date data. After 24 hours, previous scan results are no longer displayed.

Optimize your custom fields in Jira

One place to clean them all

For: ADMINS

We're deprecating the Clean up functionality in Jira Data Center and removing the Audit Custom Fields link. Instead, the cleanup features, such as project and issue archiving, are now integrated into the preinstalled Instance Optimizer app, which provides more efficient and automated ways to optimize your instance.

With this change, you’ll find all the cleanup features in one place.

More about Instance Optimizer for Jira

Strengthen sysadmin and OS access separation

For: ADMINS

Starting from Jira 11.2, we’ve clarified the distinction between the global administrative permissions: Jira administrator and Jira System administrator and introduced new application properties. You can use them to ensure that only users with the highest level of administrative access can perform sensitive operations.

In Jira 11.2, the stricter permissions are opt-in, but they'll become opt-out in a future major version of Jira Data Center.

System administrators can update these properties in the advanced settings in Jira. By default, they’re set to false and let you opt in to the updated role requirements at your own pace. You can test them by setting the property value to true. Enable each property individually to apply stricter permissions

More about global permissions

Protect your Jira nodes with JQL resilience

For: ADMINS

We’re introducing JQL resilience, a set of safeguards that help prevent node crashes caused by resource-intensive JQL operations. To stop a JQL query from using too much memory or running for too long, you can:

• set a maximum search result limit.
• define a JQL query time limit to interrupt queries that run too long.
• enable a memory usage circuit breaker to reject new JQL queries when memory is low.

For each node, you can control these limits in the jira-config.properties file. Each change requires you to restart Jira for it to take effect.

Explore how to use JQL resilience

When these features are enabled, some JQL searches might return a SearchException in situations you didn’t encounter before, such as timeouts. Jira logs these events and publishes them in the audit log. Use these features only when the risk of node crashes outweighs the impact of failed queries.

Connect securely with OAuth 2.0 for app links

For: ADMINS

We’ve added OAuth 2.0 support for application links (app links) across Atlassian Data Center products. OAuth 2.0 is an industry-standard authentication protocol that enables secure mand reliable connections between Atlassian products and external applications.

More about creating applinks

We’re also working on OAuth 2.0-based app links to connect with cloud to allow for secure and efficient integrations of hybrid environments, and will share the timeline soon.

Rate limiting now supports OAuth 2.0

For: ADMINS

Rate limiting in Jira now supports OAuth 2.0 2-legged (2LO) authentication. This update lets you configure rate limits for OAuth 2.0 requests separately from other API requests, making it easier to manage integrations like the Rovo connector.

More about rate limiting in Jira

Deprecation of Browse Project properties in workflows

For: ADMINS

Starting in Jira 11.2.0, we're deprecating the jira.permission.browse.* workflow step properties. These properties are used to restrict issue visibility on certain workflow steps.

Alternatively, you can set the issue security levels and automation rules to control which users can access the issue based on their project role and the current issue status.

Update your workflows to use the alternative functionality

To preview the Browse Project removal enforcement, you can enable the com.atlassian.jira.workflow.permission.browse.removal feature flag. Jira permission manager will ignore these Browse Project properties starting from version 12.0.0.

Indexing and snapshots improved with OpenSearch

For: ADMINS

When OpenSearch is enabled in Jira Data Center, you’ll notice changes to both the user interface and REST APIs. The Index Admin UI now uses a new URL (OpenSearchIndexAdmin.jspa) and offers a different set of configuration options tailored for OpenSearch. The indexing and snapshot API endpoints now reflect OpenSearch-specific behavior.

• The reindex endpoint always performs a full background reindex:
  • /jira/rest/api/2/reindex
• The snapshot endpoints are disabled because they don’t apply to OpenSearch:
  • /rest/api/2/index-snapshot
  • /rest/api/2/cluster/index-snapshot/{nodeId}

Handle large tables with Cluster message cleaning service

For: ADMINS

The Cluster message cleaning service now deletes expired rows in batches of 100,000, making it easier to manage very large tables, even up to 100 million rows. This update prevents database strain by avoiding single, large transactions that could cause memory or disk issues.

Configure Cluster message cleaning service in Jira

React 18 and Atlaskit upgrade in Jira 11.2

For: ADMINS

In Jira 11.1, we upgraded React to version 18 and updated Atlaskit components to their latest versions for Platform packages, Jira Service Management, and Assets. In Jira 11.2, these upgrades have now been applied across the rest of Jira. This change reduces vulnerabilities inherited from older Atlaskit packages and brings recent bug fixes and accessibility improvements to Jira.

As part of this update, some React web resources have been deprecated. If your custom apps or integrations rely on these resources, check out the recommended replacements for improved performance.

More about Web Resource deprecation and replacements

Jira Mobile plugin removal

In Jira 9.11, we've deprecated support for the Jira mobile web interface. Now, in Jira 11.2, we’re removing the Jira Mobile plugin in favor of the Jira Data Center mobile app for iOS and Android.

Supported platforms changes

In Jira 11.2, support for Microsoft SQL Server 2019 (MSSQL 2019) is deprecated.
For the list of supported platforms, see Supported platforms.
For previous announcements, see End of support announcements.

App developers

See Preparing for Jira 11.2 for any important changes regarding apps.

Upgrade steps

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Resolved issues

See the full list of the issues we’ve resolved throughout the lifecycle of Jira Software 11.2.

Issues resolved in 11.2.0

Released on 6 November 2025
[Issue list omitted for brevity]

Issues resolved in 11.2.1

Released on 28 November 2025
[Issue list omitted for brevity]

Last modified on Dec 2, 2025

Was this helpful?
Yes No
Provide feedback about this article

Original source Report a problem

We’re pleased to present Jira Software 11.2.

Highlights

• Welcome OpenSearch in Jira Data Center
• New limit of 10,000 items on a board
• Optimize your instance with safeguards
• Optimize your custom fields
• One place to clean them all
• Strengthen sysadmin and OS access separation
• Protect you Jira nodes with JQL resilience
• Connect securely with OAuth 2.0 for app links
• Rate limiting now supports OAuth 2.0
• Deprecation of Browse Project properties in workflows
• Indexing and snapshots improved with OpenSearch
• Handle large tables with Cluster message cleaning service
• React 18 and Atlaskit upgrade in Jira 11.2
• Changes to supported platforms
• App developers
• Upgrade procedure
• Resolved issues

Welcome OpenSearch in Jira Data Center

For:
END USERS
ADMINS

With the Jira Data Center 11.2 release, OpenSearch is fully supported for production use. You can now configure Jira to use OpenSearch as your search platform, either on premises or as a managed service like AWS OpenSearch Service.
Explore how to configure OpenSearch for Jira
We recommend switching to OpenSearch because it offers performance, scalability, and reliability improvements over Lucene.
To understand the differences between OpenSearch and the default Lucene search platform, review the OpenSearch for Confluence Data Center guide. While this guide focuses on Confluence, the information about the search platforms is also relevant for Jira. We're working on a Jira-specific report and will share it as soon as it's ready.
You might also want to get familiar with our previous OpenSearch documentation:

• Search API deprecations and upgrade guide for Jira 11
• Migrating FieldIndexers in Jira 11
• Migrating Lucene collectors to Search API in Jira 11

New limit of 10,000 items on a board

For:
END USERS
ADMINS

This limit applies only when you’re using OpenSearch. The default Lucene search platform isn’t affected, but you can also configure Lucene to enforce the same limit.
With the OpenSearch implementation in Jira, Scrum and Kanban boards can display up to 10,000 items. When a board is full, an admin needs to update the board filter to reduce the number of included issues. This update helps Jira scale for large enterprises, improves search performance, and prevents indexing bottlenecks.
To check the total number of issues on your board, go to Issues, then select Search for issues and apply your board’s filter. By default, you can view up to 10,000 issues. An admin can override this limit by setting the jira.search.platform.max.result.window property.
More about issue display limits on boards

Optimize your instance with safeguards

For:
ADMINS

Jira Instance Optimiser now includes safeguards to help you stay within recommended limits for comments, custom fields, issue types, issues, and projects. These safeguards help maintain system stability and performance as your instance grows.
To set up the limits:

1. In the upper-right corner of your Jira application, select Jira administration, and then select System.
2. In the sidebar, find Instance Optimizer and select Overview.
3. Select Configure safeguards.
   You can enable or disable safeguard enforcement, and choose whether to receive email and in-app notifications. When usage approaches a set limit, system admins receive notifications. If a user tries to perform an action that would breach a safeguard, the action is blocked and the user receives a warning.
   Explore how to configure safeguards in Instance optimizer

Optimize your custom fields

For:
ADMINS

Instance optimizer now makes it easier to manage your custom fields. You can search, filter, and take bulk actions, including deleting custom fields directly from the recommendations page. You can also see more details about custom field usage and the impact of localizing these fields.
You can scan your custom fields to identify those with configurations that can be optimized. If your last scan is more than 24 hours old, you will need to re-scan to ensure you have the most up-to-date data. After 24 hours, previous scan results are no longer displayed.
Optimize your custom fields in Jira

One place to clean them all

For:
ADMINS

We're deprecating the Clean up functionality in Jira Data Center and removing the Audit Custom Fields link. Instead, the cleanup features, such as project and issue archiving, are now integrated into the preinstalled Instance Optimizer app, which provides more efficient and automated ways to optimize your instance.
With this change, you’ll find all the cleanup features in one place.
More about Instance Optimizer for Jira

Strengthen sysadmin and OS access separation

For:
ADMINS

Starting from Jira 11.2, we’ve clarified the distinction between the global administrative permissions: Jira administrator and Jira System administrator and introduced new application properties. You can use them to ensure that only users with the highest level of administrative access can perform sensitive operations.
In Jira 11.2, the stricter permissions are opt-in, but they'll become opt-out in a future major version of Jira Data Center.
System administrators can update these properties in the advanced settings in Jira. By default, they’re set to false and let you opt in to the updated role requirements at your own pace. You can test them by setting the property value to true. Enable each property individually to apply stricter permissions

Protect you Jira nodes with JQL resilience

For:
ADMINS

We’re introducing JQL resilience, a set of safeguards that help prevent node crashes caused by resource-intensive JQL operations. To stop a JQL query from using too much memory or running for too long, you can:

• set a maximum search result limit.
• define a JQL query time limit to interrupt queries that run too long.
• enable a memory usage circuit breaker to reject new JQL queries when memory is low.
  For each node, you can control these limits in the jira-config.properties file. Each change requires you to restart Jira for it to take effect.
  Explore how to use JQL resilience
  When these features are enabled, some JQL searches might return a SearchException in situations you didn’t encounter before, such as timeouts. Jira logs these events and publishes them in the audit log. Use these features only when the risk of node crashes outweighs the impact of failed queries.

Connect securely with OAuth 2.0 for app links

For:
ADMINS

We’ve added OAuth 2.0 support for application links (app links) across Atlassian Data Center products. OAuth 2.0 is an industry-standard authentication protocol that enables secure mand reliable connections between Atlassian products and external applications.
More about creating applinks
We’re also working on OAuth 2.0-based app links to connect with cloud to allow for secure and efficient integrations of hybrid environments, and will share the timeline soon.

Rate limiting now supports OAuth 2.0

For:
ADMINS

Rate limiting in Jira now supports OAuth 2.0 2-legged (2LO) authentication. This update lets you configure rate limits for OAuth 2.0 requests separately from other API requests, making it easier to manage integrations like the Rovo connector.
More about rate limiting in Jira

Deprecation of Browse Project properties in workflows

For:
ADMINS

Starting in Jira 11.2.0, we're deprecating the jira.permission.browse.* workflow step properties. These properties are used to restrict issue visibility on certain workflow steps.
Alternatively, you can set the issue security levels and automation rules to control which users can access the issue based on their project role and the current issue status.
Update your workflows to use the alternative functionality
To preview the Browse Project removal enforcement, you can enable the com.atlassian.jira.workflow.permission.browse.removal feature flag. Jira permission manager will ignore these Browse Project properties starting from version 12.0.0.

Indexing and snapshots improved with OpenSearch

For:
ADMINS

When OpenSearch is enabled in Jira Data Center, you’ll notice changes to both the user interface and REST APIs. The Index Admin UI now uses a new URL (OpenSearchIndexAdmin.jspa) and offers a different set of configuration options tailored for OpenSearch.
The indexing and snapshot API endpoints now reflect OpenSearch-specific behavior.

• The reindex endpoint always performs a full background reindex:
  • /jira/rest/api/2/reindex
• The snapshot endpoints are disabled because they don’t apply to OpenSearch:
  • /rest/api/2/index-snapshot
  • /rest/api/2/cluster/index-snapshot/{nodeId}

Handle large tables with Cluster message cleaning service

For:
ADMINS

The Cluster message cleaning service now deletes expired rows in batches of 100,000, making it easier to manage very large tables, even up to 100 million rows. This update prevents database strain by avoiding single, large transactions that could cause memory or disk issues.
Configure Cluster message cleaning service in Jira

React 18 and Atlaskit upgrade in Jira 11.2

For:
ADMINS

In Jira 11.1, we upgraded React to version 18 and updated Atlaskit components to their latest versions for Platform packages, Jira Service Management, and Assets. In Jira 11.2, these upgrades have now been applied across the rest of Jira. This change reduces vulnerabilities inherited from older Atlaskit packages and brings recent bug fixes and accessibility improvements to Jira.
As part of this update, some React web resources have been deprecated. If your custom apps or integrations rely on these resources, check out the recommended replacements for improved performance.
More about Web Resource deprecation and replacements

Supported platforms changes

In Jira 11.2, support for Microsoft SQL Server 2019 (MSSQL 2019) is deprecated.
For the list of supported platforms, see Supported platforms.
For previous announcements, see End of support announcements.

App developers

See Preparing for Jira 11.2 for any important changes regarding apps.

Upgrade steps

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Resolved issues

See the full list of the issues we’ve resolved throughout the lifecycle of Jira Software 11.2.

Issues resolved in 11.2.0
Released on 6 November 2025
[Table of resolved issues with keys, summaries, and statuses, including bugs fixed and improvements made]

Last modified on Nov 6, 2025

Original source Report a problem

Highlights

• Find missing issues in Advanced Roadmaps for Jira
• Manage your integrations and automations with service accounts
• Sign SAML authentication requests
• React 18.3 and Atlaskit upgrade
• Changes to supported platforms
• App developers
• Upgrade procedure
• Resolved issues

See the full list of issues resolved in this release.

Compatible applications

If you're looking for compatible Jira applications, look no further: Jira Service Management 11.1 release notes.

Find missing issues in Advanced Roadmaps for Jira

• For: END USERS ADMINS
  We’re introducing the Find your issue feature to help you quickly understand why a specific issue isn’t visible in your Advanced Roadmaps for Jira dashboard. You can search for any issue by its key, and Jira will analyze your dashboard’s filters and settings to explain why the issue is missing.
• Diagnostics run in the background. Each request is handled separately, and rate limits help maintain consistent performance.
  To find missing issues:
• From the Roadmap tab, go to Settings, then Configure, then select Find your issues.
• In the search box, enter the issue key and select Search.
  More about missing issues in Advanced Roadmaps

Manage your integrations and automations with service accounts

• For: ADMINS
  Service accounts are specialized, non-user accounts created for secure and efficient management of automated processes and external integrations. With service accounts, you can securely access REST APIs using the OAuth 2.0 authentication method to execute scripts and run tasks while maintaining full control of permissions. All actions performed by service accounts are tracked, providing visibility into their operations.
• To set up a service account:
• Go to Administration, then User management, then from the sidebar select Service accounts.
• Select Create service account.
• Follow the prompts to configure your service account’s details, scopes, and resources, then generate your OAuth 2.0 credentials.
• Review all the details and copy your credentials to a safe place.
  Explore how to manage a service account

Sign SAML authentication requests

• For: ADMINS
  We’re implementing signed Security Assertion Markup Language (SAML) authentication requests to strengthen your instance’s security. When SAML is enabled, the authentication plugin generates a certificate and private key during startup. The private key signs SAML authentication requests, and you can download the certificate to upload to your Identity Provider (IdP). This lets the IdP verify the authenticity and integrity of each request.
• To enable signing SAML authentication requests, go to the Authentication methods page and select Sign requests.
  Explore SAML single sign-on for Atlassian Data Center applications

React 18.3 and Atlaskit upgrade

• For: ADMINS
  We're upgrading Jira Data Center to use React 18.3 and the latest Atlaskit components. This update helps keep your instance secure and compliant by enabling continuous security updates and bug fixes from Atlaskit and React. In Jira 11.1, we upgrade Platform packages, Jira Service Management, and Assets.
  The React 16 web resources exposed by Jira are now deprecated. We recommend migrating your custom apps and integrations to React 18.3 to ensure compatibility and continued support.
  Review code sharing and migration guidance

Changes to supported platforms

This release of Jira Software doesn’t introduce any changes to supported platforms.

• For the list of supported platforms, see Supported platforms.
• For previous announcements, see End of support announcements.

App developers

See Preparing for Jira 11.1 for any important changes regarding apps.

Upgrade procedure

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Resolved issues

See the full list of the issues we’ve resolved throughout the lifecycle of Jira Software 11.1.

• Issues resolved in 11.1.0

• Released on 24 September 2025

• 16 issues

• Issues resolved in 11.1.1

• Released on 15 October 2025

• 19 issues

Last modified on Oct 15, 2025

Original source Report a problem

We're pleased to present Jira Software 11.1.

Highlights

• Find missing issues in Advanced Roadmaps for Jira
• Manage your integrations and automations with service accounts
• Sign SAML authentication requests
• React 18.3 and Atlaskit upgrade
• Changes to supported platforms
• App developers
• Upgrade procedure
• Resolved issues

More

See the full list of issues resolved in this release.

Compatible applications

If you're looking for compatible Jira applications, look no further: Jira Service Management 11.1 release notes.

Find missing issues in Advanced Roadmaps for Jira

For: END USERS ADMINS

We’re introducing the Find your issue feature to help you quickly understand why a specific issue isn’t visible in your Advanced Roadmaps for Jira dashboard. You can search for any issue by its key, and Jira will analyze your dashboard’s filters and settings to explain why the issue is missing.
Diagnostics run in the background. Each request is handled separately, and rate limits help maintain consistent performance.
To find missing issues:

• 1. From the Roadmap tab, go to Settings, then Configure, then select Find your issues.
• 1. In the search box, enter the issue key and select Search.

More about missing issues in Advanced Roadmaps

Manage your integrations and automations with service accounts

For: ADMINS

Service accounts are specialized, non-user accounts created for secure and efficient management of automated processes and external integrations. With service accounts, you can securely access REST APIs using the OAuth 2.0 authentication method to execute scripts and run tasks while maintaining full control of permissions. All actions performed by service accounts are tracked, providing visibility into their operations.
To set up a service account:

• 1. Go to Administration, then User management, then from the sidebar select Service accounts.
• 1. Select Create service account.
• 1. Follow the prompts to configure your service account’s details, scopes, and resources, then generate your OAuth 2.0 credentials.
• 1. Review all the details and copy your credentials to a safe place.
     Explore how to manage a service account

Sign SAML authentication requests

For: ADMINS

We’re implementing signed Security Assertion Markup Language (SAML) authentication requests to strengthen your instance’s security. When SAML is enabled, the authentication plugin generates a certificate and private key during startup. The private key signs SAML authentication requests, and you can download the certificate to upload to your Identity Provider (IdP). This lets the IdP verify the authenticity and integrity of each request.
To enable signing SAML authentication requests, go to the Authentication methods page and select Sign requests.
Explore SAML single sign-on for Atlassian Data Center applications

React 18.3 and Atlaskit upgrade

For: ADMINS

We're upgrading Jira Data Center to use React 18.3 and the latest Atlaskit components. This update helps keep your instance secure and compliant by enabling continuous security updates and bug fixes from Atlaskit and React. In Jira 11.1, we upgrade Platform packages, Jira Service Management, and Assets.
The React 16 web resources exposed by Jira are now deprecated. We recommend migrating your custom apps and integrations to React 18.3 to ensure compatibility and continued support.
Review code sharing and migration guidance

Changes to supported platforms

This release of Jira Software doesn’t introduce any changes to supported platforms.
For the list of supported platforms, see Supported platforms.
For previous announcements, see End of support announcements.

App developers

See Preparing for Jira 11.1 for any important changes regarding apps.

Upgrade procedure

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Resolved issues

See the full list of the issues we’ve resolved throughout the lifecycle of Jira Software 11.1.

Issues resolved in 11.1.0

Released on 24 September 2025

• Timeout message not displayed correctly when releasing a large amount of issues from a Kanban board
• Timeout errors can occur when completing sprints in Scrum boards
• JIRA Software JAVA API for Version 7 and above
• Epic name character limit exists in GH but not JIRA
• The multi-byte characters are garbled in the Time since chart and the Resolution time gadgets
• No Confluence page found with the given URL while linking confluence web page
• Confluence displays the warning "Application 'xxx' seems to be offline. Click here to relocate" for application links to Jira when the dark feature "public.access.disabled" is enabled in Jira 10.3.x
• Invalid use of RequestCache by thread: JIRA-Import-Thread
• Editor: Buttons not operable with a keyboard
• Editor: Non-descriptive link text
• Automation rules cannot be published when copying the "Customer Request Type" field from relevant sources in "clone issue" or "edit issue" actions

Original source Report a problem

Here are some important notes on upgrading to Jira Software 11.0.x. For details of the new features and improvements in this release, see the Jira Software 11.0 release notes.

Platform releases allow us to incorporate multiple significant changes (often called breaking changes) that aren't compatible with previous versions. These changes establish a strong foundation for more extensive development in future releases.

To increase security and performance, we've made changes in our core architecture that require apps to bundle their libraries. We're collaborating with our Marketplace partners on these changes, however, some apps may not be immediately compatible with the new platform upon release and cause product experience breaks. We recommend that you review your apps before upgrading to avoid service disruptions for your organization.

To check app compatibility, visit Checking app compatibility with application updates or the Atlassian Marketplace to see if your app hosting is compatible with your product version.

Skip to:

• Spring and Jakarta upgrade
• Upgrade to jQuery 3
• Removal of deprecated components in AUI 10
• End of support for LESS
• Global serialization filter
• Add scopes to REST endpoints to use OAuth 2.0 2LO
• OAuth 2.0 security improvements
• Basic authentication disabled by default
• Updated Tomcat protocols
• Changes to supported platforms
• App developers
• Upgrade procedure

Due to changes in the index structure, you’ll need to perform a full re-index when upgrading to Jira 11. More about Jira indexing

Spring and Jakarta upgrade

To maintain high security standards and keep dependencies supported and up to date, we’re upgrading Spring to the 6.x line, Jakarta to EE Platform 10, Apache Tomcat to 10.1 as well as other libraries that depend on Spring and Jakarta.

The Apache Tomcat upgrade also introduces changes under the Jakarta Servlet specification. If you rely on custom server settings or connectors, review the following before upgrading:

• Check custom server.xml configurations, especially any references to "javax.servlet" APIs. Tomcat 10.1 has migrated to the "jakarta.servlet" namespace.
• Verify that any connectors (HTTP, AJP, etc.) are still supported and properly configured in Tomcat 10.1.
• Confirm that any security or TLS/SSL settings are compatible with Tomcat 10.1's default cryptographic protocols.

For detailed information on the changes introduced in Tomcat 10.1, consult the official Apache Tomcat documentation.

Upgrade to jQuery 3

We’ve upgraded jQuery from version 2 (with [email protected]) to version 3 (with [email protected]) to align on jQuery versions across all Data Center products. This means a significant jQuery version uplift for products containing older versions of jQuery that will make developing cross-product apps easier.

For more details, refer to the jQuery Core 1.9 upgrade guide and jQuery Core 3.0 upgrade guide.

Removal of deprecated components in AUI 10

We’re removing some outdated AUI 10 components with design and accessibility issues (Dropdown 1 and Toolbar 1) and updating internal dependencies to better support jQuery 3 and proactively address security issues.

End of support for LESS

To enhance the security and performance, we’re removing the ability to transform LESS to CSS at runtime, requiring LESS to be transpiled into CSS at compile time.

Global serialization filter

We’re implementing a global serialization filter that relies on a central blocklist for Java deserialization, Velocity, Struts, and XStream. This filter is designed to block specific classes and patterns that are recognized as vulnerable to Remote Code Execution (RCE) through publicly known gadget chains.

Add scopes to REST endpoints to use OAuth 2.0 2LO

We’ve introduced @ScopesAllowed to improve security and control over REST endpoints.
Add the @ScopesAllowed annotation to your endpoints to make them accessible using an OAuth 2.0 Client Credentials token (2LO).
For example, this annotation requires that the access token has the WRITE scope before providing access to this endpoint.
@POST
@ScopesAllowed(requiredScope = "WRITE")
public void createEntity(...) {}

OAuth 2.0 security improvements

We're implementing several important changes to our OAuth 2.0 authentication process to enhance security and efficiency.

• Enforced global maximum time on access tokens: Access tokens will now have a maximum validity period of 1 hour. This change is designed to improve security by ensuring tokens are refreshed more frequently. You can change the value by setting the atlassian.oauth2.provider.access.token.expiration.seconds system property.
• Maximum lifetime of client ID and secret: The lifetime of client IDs and secrets is now 90 days by default. However, you can adjust this setting to a maximum of 730 days. This change aims to encourage regular rotation of credentials. You can change the value by setting the atlassian.oauth2.provider.client.credentials.expiration.seconds system property.
• Rotation of client credentials: We recommend regularly rotating your client credentials, including both the client ID and secret, to improve security. Setting up a rotation policy helps reduce the risk if credentials are ever compromised.
• Revocation of rotated client credentials: Once client credentials (client ID and secret) are rotated, the previous credentials can be revoked. This ensures that only the most recent credentials remain active, reducing the risk of unauthorized access.
• Revocation of user's refresh tokens: We now provide the ability to revoke all refresh tokens associated with a specific user. Additionally, administrators have the authority to revoke all refresh tokens for users within the system. This capability allows for greater control over session management and security.
• Maximum number of refresh tokens: The maximum number of refresh tokens allowed per client ID and user is limited to 25. This limitation helps manage resource usage and ensures that token proliferation is kept in check. You can change the value by setting the atlassian.oauth2.provider.refresh.token.limit.per.client.user system property.

Basic authentication disabled by default

We’re disabling authentication with basic authentication by default. This is a first step towards the removal of basic authentication altogether as we develop and mature alternatives to support the remaining few use cases.

Updated Tomcat protocols

We’ve updated the protocols provided by Jira extending the Tomcat protocols with support for password encryption:

The APR/Native library and the APR/Native Connectors, including both AJP and HTTP, are deprecated in Tomcat 10 and will be removed starting from Tomcat 10.1.x. Specifically, the Http11AprProtocol (HTTP connector) and the AjpAprProtocol (AJP connector) are deprecated. Consequently, com.atlassian.secrets.tomcat.protocol.AjpAprProtocolWithPasswordEncryption and com.atlassian.secrets.tomcat.protocol.Http11AprProtocolWithPasswordEncryption are no longer supported in Jira 11.

Changes to supported platforms

See what changes have been made to supported platforms in this Jira release. For more details, check out Supported platforms.

End-of-support announcements

We’ve removed support for:

• JDK 17
• PostgreSQL 15
• PostgreSQL 14
• PostgreSQL 13
• PostgreSQL 12
• MySQL 8.0
• Oracle 18c
• MSSQL Server 2017

Added support

We’ve added support for:

• JDK 21
• PostgreSQL 17
• MySQL 8.4 LTS

This version of Jira will only run on Java 21.

App developers

See Preparing for Jira 11.0 for any important changes regarding apps.

Upgrade procedure

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Original source Report a problem

Spring and Jakarta upgrade

To maintain high security standards and keep dependencies supported and up to date, we’re upgrading Spring to the 6.x line, Jakarta to EE Platform 10, Apache Tomcat to 10.1 as well as other libraries that depend on Spring and Jakarta.

The Apache Tomcat upgrade also introduces changes under the Jakarta Servlet specification. If you rely on custom server settings or connectors, review the following before upgrading:

• Check custom server.xml configurations, especially any references to "javax.servlet" APIs. Tomcat 10.1 has migrated to the "jakarta.servlet" namespace.
• Verify that any connectors (HTTP, AJP, etc.) are still supported and properly configured in Tomcat 10.1.
• Confirm that any security or TLS/SSL settings are compatible with Tomcat 10.1’s default cryptographic protocols.

For detailed information on the changes introduced in Tomcat 10.1, consult the official Apache Tomcat documentation.

Upgrade to jQuery 3

We’ve upgraded jQuery from version 2 (with [email protected]) to version 3 (with [email protected]) to align on jQuery versions across all Data Center products. This means a significant jQuery version uplift for products containing older versions of jQuery that will make developing cross-product apps easier.

For more details, refer to the jQuery Core 1.9 upgrade guide and jQuery Core 3.0 upgrade guide.

Removal of deprecated components in AUI 10

We’re removing some outdated AUI 10 components with design and accessibility issues (Dropdown 1 and Toolbar 1) and updating internal dependencies to better support jQuery 3 and proactively address security issues.

End of support for LESS

To enhance the security and performance, we’re removing the ability to transform LESS to CSS at runtime, requiring LESS to be transpiled into CSS at compile time.

Global serialization filter

We’re implementing a global serialization filter that relies on a central blocklist for Java deserialization, Velocity, Struts, and XStream. This filter is designed to block specific classes and patterns that are recognized as vulnerable to Remote Code Execution (RCE) through publicly known gadget chains.

Add scopes to REST endpoints to use OAuth 2.0 2LO

We’ve introduced @ScopesAllowed to improve security and control over REST endpoints.
Add the @ScopesAllowed annotation to your endpoints to make them accessible using an OAuth 2.0 Client Credentials token (2LO).
For example, this annotation requires that the access token has the WRITE scope before providing access to this endpoint.

@POST
@ScopesAllowed(requiredScope = "WRITE")
public void createEntity(...) {}

OAuth 2.0 security improvements

We're implementing several important changes to our OAuth 2.0 authentication process to enhance security and efficiency.

• Enforced global maximum time on access tokens: Access tokens will now have a maximum validity period of 1 hour. This change is designed to improve security by ensuring tokens are refreshed more frequently. You can change the value by setting the atlassian.oauth2.provider.access.token.expiration.seconds system property.
• Maximum lifetime of client ID and secret: The lifetime of client IDs and secrets is now 90 days by default. However, you can adjust this setting to a maximum of 730 days. This change aims to encourage regular rotation of credentials. You can change the value by setting the atlassian.oauth2.provider.client.credentials.expiration.seconds system property.
• Rotation of client credentials: We recommend regularly rotating your client credentials, including both the client ID and secret, to improve security. Setting up a rotation policy helps reduce the risk if credentials are ever compromised.
• Revocation of rotated client credentials: Once client credentials (client ID and secret) are rotated, the previous credentials can be revoked. This ensures that only the most recent credentials remain active, reducing the risk of unauthorized access.
• Revocation of user's refresh tokens: We now provide the ability to revoke all refresh tokens associated with a specific user. Additionally, administrators have the authority to revoke all refresh tokens for users within the system. This capability allows for greater control over session management and security.
• Maximum number of refresh tokens: The maximum number of refresh tokens allowed per client ID and user is limited to 25. This limitation helps manage resource usage and ensures that token proliferation is kept in check. You can change the value by setting the atlassian.oauth2.provider.refresh.token.limit.per.client.user system property.

Basic authentication disabled by default

We’re disabling authentication with basic authentication by default. This is a first step towards the removal of basic authentication altogether as we develop and mature alternatives to support the remaining few use cases.

Updated Tomcat protocols

We’ve updated the protocols provided by Jira extending the Tomcat protocols with support for password encryption:

The APR/Native library and the APR/Native Connectors, including both AJP and HTTP, are deprecated in Tomcat 10 and will be removed starting from Tomcat 10.1.x. Specifically, the Http11AprProtocol (HTTP connector) and the AjpAprProtocol (AJP connector) are deprecated. Consequently, com.atlassian.secrets.tomcat.protocol.AjpAprProtocolWithPasswordEncryption and com.atlassian.secrets.tomcat.protocol.Http11AprProtocolWithPasswordEncryption are no longer supported in Jira 11.

Changes to supported platforms

See what changes have been made to supported platforms in this Jira release. For more details, check out Supported platforms.

End-of-support announcements

We’ve removed support for:

• JDK 17
• PostgreSQL 15
• PostgreSQL 14
• PostgreSQL 13
• PostgreSQL 12
• MySQL 8.0
• Oracle 18c
• MSSQL Server 2017

Added support

• JDK 21
• PostgreSQL 17
• MySQL 8.4 LTS

This version of Jira will only run on Java 21.

App developers

See Preparing for Jira 11.0 for any important changes regarding apps.

Upgrade procedure

Upgrading from Jira version 10.x.x?

• See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
• For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

Original source Report a problem