What's new

  • Improved JSM portal redirection, improved metadata reload, several smaller improvements and bugfixes.

Upgrade consideration

No special considerations apply to this update.

Data Center

This version is fully compatible with Jira, Confluence, Bitbucket, and Bamboo Data Center.

Changelog

6.10.3

Released on 25 June 2024 for Jira, Confluence, Bitbucket, and Bamboo (Server and Data Center).

  • SAML Single Sign-On 6.10.3 is bugfix release that only contains changes in User sync, see 2.13.x release notes for more details.

Changes specific to Jira

  • None

Changes specific to Confluence

  • None

Changes specific to Bitbucket

  • None

Changes specific to Bamboo

  • None

6.10.2

Released on 13 May 2024 for Jira, Confluence, Bitbucket, and Bamboo (Server and Data Center).

  • SAML Single Sign-On 6.10.2 comes with the User Sync 2.13.1 release, see 2.13.x release notes.
  • OIDC: Added RS512 to set of supported algorithms for JWT token validation
  • Add option to exclude debug messages from being logged in authentication trackers.

Changes specific to Jira

  • None

Changes specific to Confluence

  • None

Changes specific to Bitbucket

  • None

Changes specific to Bamboo

  • None

6.10.1

Released on 23 April 2024 for Jira, Confluence, Bitbucket, and Bamboo (Server and Data Center).

  • Fixed bug in OAuth2/Social Login wizard for configuring a new IdP.
  • Updated dependencies (Bouncy Castle).

Changes specific to Jira

  • None

Changes specific to Confluence

  • None

Changes specific to Bitbucket

  • None

Changes specific to Bamboo

  • None

6.10.0

Released on 2 April 2024 for Jira, Confluence, Bitbucket, and Bamboo (Server and Data Center).

  • SAML Single Sign-On 6.10.0 comes with the User Sync 2.13.0 release, see 2.13.x release notes.
  • Now displays the last metadata reload date next to the option to reload metadata every day for better visibility and management.
  • Ensured SAML authentication cannot proceed if the certificate is no longer valid, closing a security loophole.

  • Eliminated an open redirect vulnerability associated with whitespace and control characters in the redirection path.

  • Addressed an issue where "SaveIdPSelection" parameter in the IdP selection template did not behave as intended across different Tomcat versions.

  • Fixed an issue with the OIDC Keycloak wizard removing /auth unexpectedly.
  • The Azure AD integration has been updated to reflect its new name, Microsoft Entra ID, aligning with Microsoft's rebranding initiative.

  • Corrected a flaw where request info was not always added to the tracker, improving tracking accuracy.

  • Resolved a bug where the "Contact support" dialog was broken, ensuring users can reach out for support when needed.

Changes specific to Jira

  • Simplified SSO redirection management for JSM Portals with the introduction of an exclusion list, making it easier to define and manage exceptions.
  •  /visitportal URLs for Service Managment used in the customer welcome emails now trigger SSO if the redirection is enabled for the portal. So customers clicking this link are logged in via SSO and see the portal instead of the page to set a local password.
  • Fixed an issue where logouts were not being recorded in the audit log.

Changes specific to Confluence

  • Fixed an issue where logouts were not being recorded in the audit log.

Changes specific to Bitbucket

  • None

Changes specific to Bamboo

  • None