Release 6.x
Check out what’s new for ScriptRunner for Bitbucket Server.
6.39.0
Unicode Bidirectional Override Characters Vulnerability
Recently, Atlassian highlighted a security vulnerability where special characters (unicode bidirectional override characters) were not rendered or displayed in the affected applications (CVE-2021-42574). This vulnerability could affect ScriptRunner if a user were to copy malicious code from an untrusted source and execute it within ScriptRunner. To mitigate this risk, we have added highlighting for bidirectional characters everywhere in ScriptRunner you can enter code. For more information please take a look at our blog post.
Bug Fixes
6.38.0
Bug Fixes
6.37.0
Script Editor Expand and Collapse Folders
Folders in the Script Editor are now collapsed by default when the editor is opened. We have also added Expand All and Collapse All buttons to the Script Editor heading, as well as the option to right-click a folder to expand it.
New Features
Bug Fixes
6.36.0
New Features
Bug Fixes
6.35.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
There are only core component changes in ScriptRunner for Bitbucket 6.35.0, so we do not have any new features or bug fixes to report.
6.34.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
There are only core component changes in ScriptRunner for Bitbucket 6.34.0, so we do not have any new features or bug fixes to report.
6.33.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
New Features
Bug Fixes
6.32.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Bug Fixes
6.31.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
There are only core component changes in ScriptRunner for Bitbucket 6.31.0, so we do not have any new features or bug fixes to report.
6.30.1
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Bug Fixes
6.30.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
There are only core component changes in ScriptRunner for Bitbucket 6.30.0, so we do not have any new features or bug fixes to report.
6.29.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
New Listener
Using the new Dynamically Add Reviewers to a Pull Request listener, you can dynamically add default and mandatory reviewers based on a script when a pull request (PR) is created or updated.
New Features
Bug Fixes
6.28.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
New Merge Check
A new merge check, Prevent Merge of Pull Requests Behind Target Branch, prevents PRs that are behind the target branch from merging.
New Features
Bug Fixes
6.27.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
API Changes for Custom Canned Hooks
6.27.0 contains a change to how hook triggers are defined for custom canned hooks. Customers implementing the following interfaces need to make a small code change for their hooks to continue working in 6.27.0:
com.onresolve.scriptrunner.canned.bitbucket.hooks.scripts.PreRepositoryHookScript
com.onresolve.scriptrunner.canned.bitbucket.hooks.scripts.PostRepositoryHookScript
If your custom script implements one of the above interfaces, you are now required to implement a new method com.onresolve.scriptrunner.canned.bitbucket.hooks.scripts.TriggerAware#getApplicableTriggers
which must return all com.atlassian.bitbucket.hook.repository.RepositoryHookTrigger
triggers which your hook should execute for.
Due to the above change, the triggers
field has also been removed from com.onresolve.scriptrunner.canned.bitbucket.hooks.model.AbstractHookCommand
, therefore triggers defined in the script parameters using com.onresolve.scriptrunner.runner.HookParameters#getHiddenTriggersParam
are now ignored. Your triggers must now be defined in the new method mentioned above.
New Features
Bug Fixes
6.26.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Add Tasks to New Pull Requests Update
For Bitbucket 7.x, the Add Tasks to New Pull Requests listener has been updated to allow for multiline tasks that include Markdown syntax. Individual tasks can now be added using the new Add Tasks button.
New Features
Bug Fixes
6.25.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Bug Fixes
6.24.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Updates to Global Administration
Now, when you are looking at Global Administration, you can see repository and project configurations. Additionally, there is a new filter to indicate where the script was created, called Created In.
6.23.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Bug Fixes
6.22.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Bug Fixes
6.21.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Welcome to the new documentation site! We don't have any major changes in this ScriptRunner for Bitbucket release, but we have updated the in-app documentation links to point here. Let us know if you encounter any issues via our support portal.
For previous versions of the documentation, please visit the old documentation site.
6.20.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
New Features
SRPLAT-1205 - The compile context in the Script Editor is now set when opening it from a page where the script is being used, using the Edit icon.
Bug Fixes
SRPLAT-1415 - Syntax highlighting for SQL and properties editors was added.
6.19.1
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
Bug Fixes
SRBITB-939 - The listeners configuration page no longer crashes if a listener configuration with no events is present.
6.19.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
IE11 Support
As of the 1st February 2021, we are no longer developing new ScriptRunner features that are compatible with IE11 and subsequent versions of ScriptRunner will not be compatible with IE11.
See our full statement for more information.
New Features
SRBITB-882 - Support for Project Level ScriptRunner objects were added to the Data Center Migration Tool.
Bug Fixes
SRPLAT-1442 - Fragment validation now checks for null and/or empty module keys.
SRPLAT-1441 - The execution history syntax highlighting was fixed.
SRPLAT-1434 - The Script Editor was fixed to show warning annotations. An example of a warning annotation is the usage of deprecated methods.
SRPLAT-1432 -
CheckedScriptFileInputBox
was fixed to run static type checking when a user returns to the tab.SRPLAT-1431 - The Script Editor was fixed to show an overall RAG status for a given file.
SRPLAT-1430 - The Script Editor was fixed to run static type checking when a file is opened.
SRPLAT-1420 - Documentation links were corrected in the Hints and Tips.
SRBITB-919 - All methods on the
Comment
class are now on the allowlist.
6.18.0
This version is not compatible with IE11. Do not update to this version if you use IE11. For more information see our Retiring Support for Internet Explorer page.
New Features
SRPLAT-1414 - You can now configure LDAP resource environment properties.
SRBITB-926 - The Clear Groovy Class Loader built-in script was added.
Bug Fixes
SRPLAT-1412 - Internal database connections are now able to fall back to non-read-only.
SRPLAT-1401 - Running built-in scripts multiple times led to stuck loading spinners.
SRPLAT-1407 - Groovy has been updated to 2.5.14.
6.17.0
This is the last ScriptRunner version compatible with IE11. For more information see our Retiring Support for Internet Explorer page.
Integration with Slack
We have added a new resouce type representing a connection to Slack.
That, plus a simple API, allows you to message users and channels from within your event listeners and other extension points. Read more here.
Bug Fixes
SRPLAT-1271 - When using existing REST Endpoints that use an inline script, you could not switch to the File tab without an error.
6.16.0
Bug Fixes
SRPLAT-841 - The URL of the Endpoint-scanning endpoint is now correctly mapped to the backend method.
SRBITB-287 - Project tree select now shows all projects.
SRBITB-887 - We have added a snippet example to check the contents of JSON file in a PR.
6.15.0
Bug Fixes
- SRBITB-913 - The `SimpleUserAccessGrant` class was not found when cloning a repo with branch permissions.
6.14.0
Storing Environmental Variables
Want to simplify migrating from a test instance to production? Check out our new Storing Environmental Variables documentation for best practices.
Hooks, Listeners, and Merge Checks for Project Administrators
This release adds the ability for project administrators to configure ScriptRunner hooks, listeners and merge checks within projects that they administer (SRBITB-434).
In the past, the above capability was only available to repository administrators and global Bitbucket administrators, which meant that only a global administrator could configure a feature for a specific project and all child repositories. If a project administrator wanted to apply a script to all of the repositories in their project, they would have had to configure the script individually on each repository, meaning that a configuration could not be shared across all repositories in the project.
Project administrators now have access to the same scripts available to repository administrators, and are able to configure them in projects they administer (including all child repositories).
Project administrators are subject to the same security restrictions regarding the code they can write as repository administrators.
This initial release does not support Atlassian’s Data Center Migration tool to migrate project administrator configurations between instances, we plan to add support for this in the future: SRBITB-882
Bug Fixes
SRPLAT-1364 - Script Editor failed to open files with national characters created on 6.11.0.
SRBITB-880 - PullRequestCommentEvent#getComment is permitted at the repository level.
6.13.0
Bug Fixes
SRPLAT-1345 - Audit logging was added for Settings changes.
SRBITB-893 - A Condition field was added to the Project and Repository Naming Standards Enforcement listener.
SRBITB-892 - A Condition field was added to the Branch and Tag Naming Standards Enforcement pre-receive hook.
SRBITB-884 - A Condition field was added to Enforce Trusted Commit Authors pre-receive hook.
SRBITB-896 - The Sync New option for mirroring wasn’t correctly deserialised.
SRBITB-881 - The Switch to a Different User built-in script was not auditing the correct author.
6.12.0
Audit Logging Enhancements
This release includes enhancements to audit logging for users who are running Bitbucket 7.
The most notable change is that audit entries now show individual changed/created configuration parameters, in the past the audit entry only contained a JSON representation of the changed/created parameters, which was difficult to read.
In addition to the above, audit entries from ScriptRunner are now in their own audit category, this means you can filter the audit entries to only show entries generated from ScriptRunner.
New Features
SRBITB-861 - Added support for new auditing API.
Bug Fixes
SRPLAT-1221 - Bitbucket/Confluence/Jira is no longer prevented from correctly shutting down when ScriptRunner is installed.
6.11.0
Bug Fixes
SRPLAT-1319 - Custom scripts returning String from
getHelpUrl()
did not work.SRPLAT-1313 - Script configurations can now be saved with a blank inline script.
SRBITB-863 - A
NoClassDefFoundError
occured when iteratingrawCommits
in script binding.
6.10.0
Ceasing Development on Bitbucket 5
We are no longer developing new features for ScriptRunner versions running on Bitbucket 5. See our Bitbucket 5 Development statement for more information.
Bug Fixes
SRBITB-853 - Calls to
mergeRequest#veto
in merge check conditions were ignored.SRBITB-852 - The Console and Script Editor left menu items were visible even when a user lacked script edit permissions.
SRBITB-850 - The Listeners link in the Getting Started page redirected to an old URL.
SRBITB-774 - To avoid missing information, use
/users/:username/repos
endpoint for GitHub mirroring.SRBITB-841 -
Changeset#getChanges
is now allowed in repo-level scripts.SRBITB-858 - The configured triggers for pre-hooks were not checked, which caused some pre-hooks to execute when they should not have.
6.9.2
Repository Administrator Sandbox Escape Vulnerability
SRBITB-854 - A security vulnerability for escaping the repository administrator code sandbox has been fixed.
The vulnerability allowed a malicious repository administrator to run arbitrary code inside the instance.
This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.2 (for Bitbucket Server 5.13+) and 6.9.2 (for Bitbucket Server 6+); it is recommended all customers upgrade to 6.5.2+ where possible.
Bug Fixes
SRBITB-853 - Calls to mergeRequest#veto in merge check conditions were ignored.
6.9.0
Bug Fixes
SRBITB-836 - The compilation of the Clone Repository Configuration built-in script significantly slowed downloading scripts.
6.7.0
Retiring Support for Internet Explorer
From Feburary 1st 2021 ScriptRunner will no longer support Internet Explorer. See our full statement for more information.
Browse Page
Use the Browse Page to search and discover ScriptRunner functionality.
Find scripts with ease by typing keywords into the search bar, or by filtering by category.
See more information in the documentation.
Script Renaming
As part of the Browse Page work above, some scripts have been renamed so that their names are clearer and more closely align with their functionality.
See below for all changes to script names:
Old script name | New script name |
---|---|
Auto Configure Delete Branch Checkbox | Check Delete Branch Checkbox |
Clone a repository | Clone repository configuration |
Configure mirrored repositories | View and configure mirrored repositories |
Custom event handler | Custom Listener |
Custom script hook (pre-hook) | Custom pre-hook |
Custom scripted post hook | Custom post-hook |
Deactivate users | Run or schedule user deactivation |
Max repository size notification | Run or schedule repository size limit email |
Mirror Bitbucket Cloud User Or Team | Mirror Bitbucket Cloud repositories |
Mirror Bitbucket Server User Or Project | Mirror Bitbucket Server repositories |
Mirror GitHub Organisation | Mirror GitHub repositories |
Mirror a GitLab user or group | Mirror GitLab repositories |
Naming standard enforcement (listener) | Project and repository naming standards enforcement |
Naming standard enforcement (pre-hook) | Branch and tag naming standards enforcement |
Pull request policy advice | Respond to pushes if pull request is outdated or conflicted |
Remote custom event handler dispatcher | Remote custom listener dispatcher |
Require a number of approvers | Require a minimum number of approvers |
Require pull request to be associated with a valid Jira issue | Require that a pull request is associated with a valid Jira issue |
Send mail (job) | Run or schedule custom email |
Send mail (listener) | Send custom email on event |
Send mail (post-hook) | Send a mail in response to a commit push |
Bug Fixes
SRBITB-827 - The Include Ref Prefix toggle was missing from the Naming Standard Enforcement Hook.
6.6.0
Asynchronous Post-Hooks
In prior versions of ScriptRunner, all post-hooks executed synchronously. This meant that some post-hook triggers, such as those for UI interaction, would not trigger ScriptRunner post-hooks. Synchronous execution can also have a performance impact to end-users because it caused pushes to be blocked until all post-hooks had completed execution.
This release adds support for asynchronous execution in custom scripted post-hooks. This is an opt-in setting because there are some differences in what is possible when executing asynchronously. For example, it is not possible to write messages to the Git Client on push when executing asynchronously.
For more information, see the asynchronous post-hooks documentation.
Admin Only Project and Repository Script Access
By default, repository and project administrators have the ability to configure/execute ScriptRunner scripts (although in a sandboxed environment, for security reasons).
Restricting access in ScriptRunner may be desirable in a highly regulated environment where a customer only wants global administrators to be able to configure hooks/listeners etc.
This release adds a toggle in the Settings tab to restrict ScriptRunner access at the repository/project level to global administrators only. Optionally, groups of users can be granted access, if desired.
For more information, see the Admin Only Project and Repository Script Access documentation.
System Admin Only Script Edit Permission
By default, global administrators have full access to ScriptRunner functionality, including writing custom code within scripts and executing code in the Script Console.
You may want to restrict the ability to configure/execute custom code to system administrators only.
This release adds a toggle to the Settings tab to enable script edit permission for system administrators only. When this toggle is enabled, only system administrators are able to configure scripts that allow custom code. Access to Script Console/Script Editor for non-system administrators is also prevented.
For more information, see the System Admin Only Script Edit Permission documentation.
Ability to Disable Switch User Built-in Script
The Switch User built-in script allows administrator users to temporarily assume the identity of another user.
This script is enabled by default. However, if you have extremely strong compliance requirements, you may wish to disable this feature.
This release adds a toggle to the Settings tab to disable the Switch User built-in script. When the script is disabled, it is not accessible for any user (including system administrators).
For more information, see the Disable Switch User Built-in Script documentation.
Bug Fixes
SRPLAT-1227 - Some documentation links were missing from scripts.
SRBITB-814 - SendCustomEmailListener broke after selecting an event for the repository admin.
SRBITB-767 - The compile context for scripted merge checks did not match the runtime execution bindings.
6.5.2
Repository Administrator Sandbox Escape Vulnerability
SRBITB-854 - A security vulnerability for escaping the repository administrator code sandbox has been fixed.
The vulnerability allowed a malicious repository administrator to run arbitrary code inside the instance.
This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.2 (for Bitbucket Server 5.13+) and 6.9.2 (for Bitbucket Server 6+); it is recommended all customers upgrade to 6.5.2+ where possible.
6.5.1
Remote Code Execution Vulnerability
SRBITB-816 - A security vulnerabilty for Remote Code Execution has been fixed.
The vulnerability allowed a malicious authenticated user to run arbitrary code inside the instance without administrative permissions.
This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.1 / 6.5.1-p5; it is recommended all customers upgrade to 6.5.1+ where possible.
6.5.0
Bug Fixes
SRPLAT-1213 - Test on Borrow should be the default for LDAP connections.
6.4.0
Bug Fixes
SRPLAT-11 - An invalid user-configured raw XML script fragment could have prevented the ScriptRunner plugin from enabling.
SRBITB-781 - The Add Tasks to New Pull Request built-in event handler configuration did not deserialise properly.
6.3.0
Bug Fixes
SRPLAT-1171 - The Confluence-specific scriptMacroMetadataProvider module no longer shows up in UPM for all ScriptRunner products.
SRBITB-770 - The upgrade tasks and subsequent startup tasks failed to run on JDK11.
SRBITB-747 - The auto-configure Delete Branch checkbox was broken on Bitbucket 7.3.
SRBITB-768 - The existing Require a Valid Jira Issue pre-hook configurations now respond to file edit triggers.
6.2.0
Bug Fixes
SRBITB-743 - The Withdraw Approvals When a Pull Request Changed documentation code example was updated to use
createBean
.
6.1.0
New Features
SRBITB-717 - The Valid Jira Issue hook now responds to file-edit triggers.
Bug Fixes
SRPLAT-1139 - Compilation failures in one script caused entire features to fail.
SRPLAT-1131 - You now have the ability to set all Hikari pool configuration parameters when using database connections.
SRPLAT-1094 - Autocompletion requests failed when requesting autocomplete after typing "Check."
SRBITB-741 - Mandatory reviewers were not being shown with the padlock picture.
SRBITB-729 - The Clone Repo script produced excessive project search requests when trying to generate its parameters.
6.0.1
- Released 12 May 2020.
Bug Fixes
SRPLAT-1119 - Classes in scriptrunner-api/spi no longer consumable by dependent plugins
6.0.0
- Released 06 May 2020.
Updates
Groovy Upgrade
The version of Groovy used by ScriptRunner has been upgraded from 2.4.15 to 2.5.11. Improvements and new features (like additional AST transformations, or the new tap()
method) shipped in Groovy 2.5 are now available to ScriptRunner users. See the Groovy 2.5 Release Notes for more information.
As with any dependency upgrade, breaking changes could potentially affect users' scripts. However, the breaking changes between Groovy 2.4 and 2.5 are relatively minor. The low-level nature of most of these breaking changes means they are unlikely to impact many ScriptRunner scripts if any.
Take a look at the list of breaking changes in the Groovy 2.5 Release Notes for further details.
IntelliJ Removal
This version removes all support for the IntelliJ IDEA plugin. See our previous deprecation announcement for our rationale and plans for the future.
Deprecated Event Handler Removal
The previously deprecated Naming Standard Enforcement event handler has been removed along with its configuration in this release.
If you were previously using this event handler, you should migrate to the pre-receive hook of the same name. This hook blocks UI interactions in the same way that the event handler did.
Execution History
Use Execution History to view up to two years of execution times and failure rates of ScriptRunner scripts in your instance, allowing a long-term view of script performance.
Using the extended history, observe if a script is getting slower over time, or if slow performance correlates with specific events (such as Bitbucket or app upgrades). Execution History provides long-term analytics allowing you to develop scripts and change execution timings, to keep your instance performing at an optimal level.
Previously, viewable executions included event handlers and scheduled jobs.
Viewable executions now include pre-hooks, post-hooks, event handlers, and merge checks.
See Execution History documentation here.
Bug Fixes
SRPLAT-1092 - There is now DocLink support for absolute URLs.
SRPLAT-1084 - The autocompletion window of the Script Console now closes correctly.
SRBITB-718 - Jira query validation prevented the issue keys hook from working if the invoking user lacked permissions.
SRBITB-684 - Require Valid Jira Issue merge check/pre-hook was updated to check Jira issue keys case insensitively.
SRBITB-724 - Execution history was added for repository-level pre-hooks, post-hooks, merge checks, and event listeners.
SRBITB-691 - The BranchAndTagNamingRuleEnforcer event handler was removed.
SRBITB-635 - Execution history was added for administration-level pre-hooks, post-hooks, merge checks, and event listeners.
SRBITB-633 - Auditing of built-in script execution was added.
SRBITB-731 - You are now allowed to configure event handlers to respond to any implementation of RepositoryRefsChangedEvent.