One key component of managing your Atlassian applications is managing their upgrades. Upgrades can present a daunting and significant time investment for many companies, generally involving applications, add-ons, and integrations, with a large number of users dependent on the success
You know what upgrades are and that they're important. So why am I talking to you about them? Imagine the scenario: you're busy, you haven't had a chance to check in on the latest Atlassian security vulnerabilities, and you've missed the email updates based on your subscription.
You also had higher priority work eating up team time which has prevented the planning and execution of your Atlassian upgrades. One day, your instance comes under attack through one of the vulnerabilities exposed in the CVE. Your data is potentially exposed. An urgent, large, expensive, complex effort ensues to secure the instance; after three days, two full sweeps of the instance and multiple upgrades, the vulnerabilities are mitigated and your instance is safe.
Are you confident you know when your applications are due for an upgrade? Let's review a few common reasons why an upgrade may be recommended.
End of Life Policy
Once Atlassian releases a major feature version, it, and all iterations related to that major version, are supported for two years. After that, the versions are considered End of Life and you will no longer receive support from Atlassian for any issues which arise. This is when many Atlassian Administrators start considering upgrading their instances.
Every Wednesday, Atlassian releases any new security vulnerabilities which have been identified for their server/data center products. These vulnerabilities include a security level, which is based on an Atlassian-calculated CVSS score for each vulnerability.
Severity Rating System followed by Atlassian:
Although there may be opportunities to mitigate security vulnerabilities in your current version, it is recommended to patch or upgrade immediately when a Critical vulnerability is identified. Vulnerabilities with a critical score generally result in root-level compromise, servers or infrastructure devices, or are straightforward to exploit.
Current security advisories can be found here.
Did you know that there is a new feature release for Jira Software every 6 weeks alone? Atlassian encourages users to submit bugs and feature requests at jira.atlassian.com. This public forum allows users to vote for and comment on submitted issues. Then, the Atlassian teams review this and other feedback as a factor in their decision for what to implement next. Platform releases contain the most significant changes, while Feature releases contain new features, changes to features, changes to supported platforms, and removal of features. Generally designated annually, feature releases are preferred for companies who need time to prepare for upgrades, but still want to receive critical bug fixes.
Compatibility with other Server Components
From time to time, Atlassian adds and deprecates support for other server component platforms, which work alongside your Atlassian application. For example, did you know that in Jira Software 8.6 and Jira Service Desk 4.6, support was added for PostgreSQL 10 and deprecated for Internet Explorer 11? In addition, in Jira Software 8.8 and Jira Service Desk 4.8, support was deprecated for Microsoft SQL Server 2012 and PostgreSQL 9.4 & 9.5. To ensure optimal operation of your Atlassian instances, it's just as important to upgrade components of your server architecture as well as your instances themselves.
App (Plugin) Support
If you are one of the many teams who utilize Apps (plugins) within their Atlassian applications, plugin compatibility and support is another area to be aware of when considering upgrades. Has support been deprecated for the plugin with the Atlassian version you're running? Is the plugin still supported when you upgrade to your target version? Atlassian has developed the Universal Plugin Manager, available in both Jira and Confluence, to enable you to screen for any compatibility problems before starting your upgrade. There are 4 categories for Compatibility which plugins can fall into:
- Incompatible: the plugin is not compatible with the target version
- Compatible: No adverse impacts to the target version
- Compatible if updated: the plugin is not currently compatible, but will be once running the compatible version
- Compatible once both are updated: the new version of the plugin isn't compatible with your current instance version and you need to upgrade your instance prior to updating the plugin
Unable to Skip a Platform Release
When considering which version you'd like to upgrade to, it's important to consider your current version and your target version. When upgrading, it is not possible to skip a platform release. For example, when considering a Jira software upgrade, it is not possible to jump from a 6.X release to the 8.X release and skip the 7.X release. You must take an intermediate step to upgrade to a 7.X version. Due to the functionality changes being much greater between platform releases that are not adjacently sequenced, there are more edge cases, and thus, greater risk, when navigating an upgrade spanning multi-platform releases.
For assistance with upgrading your applications, partner with Praecipio Consulting's Managed Services team! Our team is fully dedicated to the Atlassian stack and can offer you peace of mind by managing, supporting, and maintaining your Atlassian tools. This allows you to maximize the benefits of your Atlassian applications and empowers your team focus on what they do best. Working with our Managed Services team offers you expertise and best practices that draw from our wealth of experience and from 15 years working with the tools. We take the maintenance process off your plate, making sure that your tools–and your team–run at peak performance.