One key component of managing your Atlassian products is managing their upgrades. Upgrades can present a daunting and significant time investment for many companies, generally involving apps, custom-developed plugins, and integrations, with a large number of users dependent on their success.
You know what upgrades are and that they're important. So why am I talking to you about them? Imagine the scenario, you're busy, you haven't had a chance to check in on the latest Atlassian security vulnerabilities and the emails you've received about them have been missed. You have also had higher priority work eating up team time, which has prevented the planning and execution of your Atlassian upgrades. One day, your instance comes under attack through one of the vulnerabilities exposed in the CVE. Your data is potentially exposed. An urgent, large, expensive, complex effort ensues in order to secure the instance; after 3 days, 2 full sweeps of the instance and multiple upgrades, the vulnerabilities are mitigated and your instance is safe.
Are you confident in when your applications are due an upgrade? Let's review a few common reasons why an upgrade may be recommended:
End of Life Policy
Once Atlassian has released a major feature version, it, and all iterations related to that major version, are supported for two years. After that, the versions are considered End of Life, and you will no longer receive support from Atlassian for any issues which arise. It is when reaching this point, that many people start considering upgrading their instances.
Every Wednesday, Atlassian releases any new security vulnerabilities which have been identified for their server/data center products. These vulnerabilities include a security level, which is based on an Atlassian-calculated CVSS score for each vulnerability.
Severity Rating System followed by Atlassian:
|CVSS V3 SCORE RANGE||SEVERITY IN ADVISORY|
Although there may be opportunities to mitigate security vulnerabilities in your current version, it is recommended to patch or upgrade immediately when a Critical vulnerability is identified. Vulnerabilities with a critical score generally result in root-level compromise or servers or infrastructure devices or are straightforward to exploit.
Current security advisories can be found here.
New Functionality / Capabilities
Did you know that there is a new feature release for Jira Software every 6 weeks alone? Atlassian encourages users to submit bugs and feature requests at jira.atlassian.com. This public forum allows users to vote for and comment on submitted issues, and the Atlassian team utilizes this and other feedback as a factor in their decision for what to implement next. Platform releases contain the most significant changes, while Feature releases contain new features, changes to features, changes to supported platforms, and removal of features. Feature releases can be designated as Enterprise releases, which, generally designated annually, are preferred for companies who need time to prepare for upgrades, but still want to receive critical bug fixes.
Compatibility with Other Server Components
From time to time, Atlassian adds and deprecates support for other server component platforms which work alongside your Atlassian application. For example, did you know that in Jira Software 8.6 and Jira Service Desk 4.6, support was added for PostgreSQL 10 and deprecated for Internet Explorer 11, whereas in Jira Software 8.8 and Jira Service Desk 4.8, support was deprecated for Microsoft SQL Server 2012 and PostgreSQL 9.4 & 9.5. To ensure optimal operation of your Atlassian instances, it's just as important to upgrade components of your server architecture, as well as your instances themselves.
If you are one of the many teams who utilize plugins within their Atlassian applications, plugin compatibility and support is another area to be aware of when considering upgrades. Has support been deprecated for the plugin with the Atlassian version you're running? Is the plugin still supported when you upgrade to your target version? Atlassian has developed the Universal Plugin Manager, available in both Jira and Confluence, to enable you to screen for any compatibility problems prior to starting your upgrade. There are 4 categories for Compatibility that plugins can fall into - Incompatible (the plugin is not compatible with the target version), Compatible, Compatible if updated (the plugin is not currently compatible, but will be once running the compatible version), and Compatible once both are updated (the new version of the plugin isn't compatible with your current instance version - you need to upgrade your instance prior to updating the plugin).
Unable to Skip a Platform Release
When considering which version you'd like to upgrade to, it's important to consider your current version and your target version. When upgrading, it is not possible to skip a platform release - therefore, for example, when considering a Jira Software upgrade, it is not possible to jump from a 6.X release to the 8.X release and skip the 7.X release, you would need to take an intermediate step to upgrade to a 7.X version. Due to the functionality changes being much greater between platform releases that are not adjacently sequenced, there are more edge cases, and thus, greater risk, when navigating an upgrade spanning multi-platform releases.
For assistance with upgrading your applications, partner with Praecipio's Modern Service Management team! Our team, fully dedicated to the Atlassian stack, offers peace of mind through managing, supporting, and maintaining your Atlassian tools, enabling you to maximize the benefits of your Atlassian applications while allowing your team to focus on their core roles. Working with our Modern Service Management team offers tribal knowledge and best practice from over 10 years of working with the tools, allowing us to enable your Atlassian stack to be optimized and operate at peak performance.
For more information on Managed Services, or anything else Atlassian related, contact us, and one of our experts will gladly talk with you.