5.6.15

  • Released 11 Feb 2020.

Bug Fixes

  • SRPLAT-912 - Script Editor has been fixed.

  • SRPLAT-566 - Browse Page now maintains search input focus.

  • SRJIRA-3921 - Scripted multi-issue picker no longer selects multiple items with one click.

  • SRJIRA-3842 - A MethodMissing exception that caused the REST endpoint page to fail to load has been fixed.

  • SRJIRA-2974 - Aggregate functions now always display calculation.

5.6.14

Bug Fixes

  • SRPLAT-908 - A bug that prevented editing of previously configured script files has been fixed.

  • SRJIRA-3139 - Issue Picker Field now supports searching empty values.

5.6.13

  • Released 22 Jan 2020.

IntelliJ IDEA Plugin Deprecation

We are officially deprecating the IntelliJ IDEA plugin, also known as the Adaptavist Power Editor. ScriptRunner 5.6.13 contains the last bugfix we will ship for this feature, and 0.7.20 is the last release we will make on the JetBrains marketplace. Future support requests for this feature will be referred to this deprecation notice.

As can be seen from the review history on our JetBrains marketplace listing, we haven’t been consistently keeping up with JetBrains’s quarterly release schedule, due to prioritization constraints.

Reasons for the Change

Two key concerns motivated our decision to deprecate: the opportunity cost of developing the Adaptavist Power Editor and its overlap with other ScriptRunner features.

The IntelliJ IDEA platform is a rich, fast-moving one. Just about every release requires refactoring some part of our plugin’s codebase. As users of IntelliJ IDEA, we love this rapid development. However, it is a challenge to keep up with developing a secondary plugin that is not our core product, while also keeping an eye on the Atlassian release cycle. While IntelliJ IDEA was an interesting platform to expand into, it required more focus than we were able to give it.

Further, we are continuing to maintain and develop two other features which meet most of the needs met by the IntelliJ Plugin. These are the Code Editor and the scriptrunner-samples repository for local development.

The Code Editor provides smart completions, parameter hints, and javadoc lookup. While that’s nowhere near the feature set provided by IntelliJ IDEA, it does provide a rich development experience, one which we’d like to develop further. Most importantly, the Code Editor is up and running by default with no setup.

For users who want a deeper development experience and don’t mind some setup, developing a Script Plugin affords a fully featured IDE, git integration, the ability to save script configuration as code, and other developer tools.

With the addition of the Code Editor (with built-in autocompletion), and the new Script Editor (allowing users to save files in script roots), the Adaptavist Power Editor had a very niche user base with a very high maintenance burden. Although we had reservations about deprecating the IntelliJ IDEA integration due to feature loss in the short term, increased investment in the core ScriptRunner product is our priority.

Continuing to let the Adaptavist Power Editor lag with late compatibility updates wasn’t fair to our users, and we are committed to delivering more new features and improvements to the ScriptRunner product itself.

Ultimately, creating a plugin for IntelliJ IDEA was a valuable experiment. It taught us important lessons about providing a rich code editor that we still want to incorporate into the core Code Editor. We would love to hear from you which aspects you found most valuable. Please contact us through our support portal if there are features you would like to request for the Code Editor.

Bug Fixes

  • SRPLAT-830 - IntelliJ Integration that was broken in 5.6.6 and beyond, is now fixed.

  • SRJIRA-4077 - Script Editor icons are now displayed correctly.

  • SRJIRA-4066 - Escalation Services are now successfully migrated to jobs.

  • SRJIRA-4057 - Creating a planning board item with action == "comment" does now show the item.

5.6.12

  • Released 22 Jan 2020.

ScriptRunner Remote Events Code Execution Vulnerability

An HTTP POST made to /rest/scriptrunner/latest/remote-events with a specially crafted JSON payload could lead to unrestricted Groovy code execution for any logged-in user, regardless of permissions.

This security vulnerability has been fixed in ScriptRunner 5.6.12; it is recommended all customers upgrade to 5.6.12+ where possible.

If no firewall is enabled, users must update ScriptRunner to include this security patch.

Temporary Workaround

If you are unable to upgrade immediately, blocking HTTP requests beginning with <base_url>rest/scriptrunner/*/remote-events mitigates the vulnerability.

To verify the workaround is applied correctly check that requests to <base_url>rest/scriptrunner/*/remote-events/ are denied.


Below are examples of how to apply the workaround in Apache and Tomcat by blocking requests to the Scriptrunner Remote Events endpoint at the reverse proxy, load-balancer or application server level.

Please note that Adaptavist Support does not provide any assistance for configuring reverse proxies. Consequently, we provide the below examples as is, with no support and no written or implied warranties. To verify the workaround is applied correctly check that requests to <base_url>rest/scriptrunner/*/remote-events/ are denied.

Apache HTTPD Reverse Proxy
Apache 2.4 Syntax

Add the following into the .conf file containing the virtualhost that proxies to the Atlassian application.


<LocationMatch "/rest/scriptrunner/.*/remote-events/">
Require all denied
</LocationMatch>
Example:
<VirtualHost *:80>
ServerName jira.example.com
ProxyRequests Off
ProxyVia Off
<Proxy *>
     Require all granted
</Proxy>
ProxyPass /jira  http://ipaddress:8080/jira
ProxyPassReverse /jira  http://ipaddress:8080/jira
    <LocationMatch "/rest/scriptrunner/.*/remote-events/">
        Require all denied
    </LocationMatch>
</VirtualHost>

Apache 2.2 Syntax

Add the following into the .conf file containing the virtualhost that proxies to the Atlassian application:


<LocationMatch "/rest/scriptrunner/.*/remote-events/">
Order Allow,Deny
Deny from  all
</LocationMatch>
Example
<VirtualHost *:80>
ServerName jira.example.com
    ProxyRequests Off
    ProxyVia Off
    <Proxy *>
         Require all granted
    </Proxy>
    ProxyPass /jira  http://ipaddress:8080/jira
    ProxyPassReverse /jira  http://ipaddress:8080/jira
    <LocationMatch "/rest/scriptrunner/.*/remote-events/">
         Order Allow,Deny
         Deny from  all
    </LocationMatch>
</VirtualHost>

Tomcat urlrewrite.xml

Redirect requests to /rest/scriptrunner/.*/remote-events/.* to a safe URL.

  1. Add the following to the <urlrewrite> section of [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml:


    <rule>
    <from>/rest/scriptrunner/.*/remote-events/.*</from>
    <to type="temporary-redirect">/</to>
    </rule>

  2. Save the urlrewrite.xml.

  3. Restart the Atlassian application.

5.6.11

  • Released 09 Jan 2020.

Bug Fixes

  • SRPLAT-873 - Settings could have been null, which caused NPE in various locations.

  • SRPLAT-864 - An invalid object name, null.AO_31728E_SR_USER_PROP, was added when the plugin was run against an instance running on MS SQL Server.

5.6.10

  • Released 26 Dec 2019.

New Features

Issue Archiving (Data Center 8.1+)

There are two new features in ScriptRunner for Jira server allowing users to archive issues. You can now configure an Issue Archiving Job or Archive this Issue Post-function.

New Features in Script Editor

  • Folder Support - Use the context menu to create new folders in the script root directory. Script Editor also supports the creation of nested folders, separate them using / character. Folders (and files) can be moved around the file tree using drag-and-drop.

  • Deletion Support - You can now remove files and folders directly from the Script Editor UI. Just right-click on the file or folder you want to remove and select Delete from the context menu.

  • Renaming Support - You can now rename files and folders using context menu option Rename available on each node in Script Editor.

Services and Escalation Services Moved to Jobs

Services and Escalation Services are now part of ScriptRunner Jobs. Migrated services run as expected, however; when editing a service, you must specify an application user in the User field. For more information see our Jobs documentation.


Bug Fixes

  • SRPLAT-864 - An invalid object name 'null.AO_31728E_SR_USER_PROP' when running on MS SQL Server has been fixed.

  • SRJIRA-4017 - Script Registry now picks up simple scripted validators.

  • SRJIRA-3990 - An issue with the Send Custom Email function has been fixed.

  • SRJIRA-3988 - An error with Send a custom email listener filing to find event has been fixed.

  • SRJIRA-3985 - The StackOverflowError when using AddedAfterSprintStart or RemovedAfterSprintStart JQL functions in card color queries is fixed.

  • SRJIRA-3983 - Having a large number of comments on an issue no longer causes re-indexing delays.

  • SRPLAT-862 - There is now support for cross-app, in-app fixtures usable from tests running outside of the app.

5.6.9

  • Released 12 Dec 2019.

More Groovy Classes are Backwards Incompatible

We are continuing the background work that we started in 5.6.7.

If you have any custom classes in your script roots or configured scripts which extend com.onresolve.scriptrunner.canned.jira.workflow.listeners.CustomListener, those may be broken by this release.

If you notice the Listeners page is failing to load, this problem may be affecting you. One potential workaround: you can add the @groovy.transform.InheritConstructors annotation to your custom class. As before, if you need additional help as a result of these changes, please contact us via our support portal.

Scalability Improvements to lastComment JQL Function

In version 5.6.6 we released a scalability improvement to the lastComment JQL function.

Unfortunately due to an internal process problem, we neglected to include in the release notes the following information.

The changes to the implementation of lastComment JQL function in this version mean that a reindex of Jira is required for that function to work correctly.

A background reindex of Jira is not sufficient. You must select the option "Lock Jira and rebuild index". Obviously this should be done out of business hours.

Bug Fixes

  • SRPLAT-670 - An exception was generated when adding or removing an event in the Events field on the Custom Event Listener screen.

  • SRJIRA-3982 - The wrong value displayed for scripted fields based on the current user.

  • SRJIRA-3969 - Creating a Post Function "create sub-task" or "Clones an issue, and links" no longer throws the java.lang.NoClassDefFoundError: com/atlassian/servicedesk/api/NoSuchEntityException.

  • SRJIRA-3710 - STC errors/warnings are now shown in the registry.

  • SRJIRA-3488 - Missing icons now show within script execution reports.

5.6.8

  • Released 27 Nov 2019.

New Features

  • SRJIRA-3712 - The Database Picker fields can now appear on the Service Desk Portal.

Bug Fixes

  • SRPLAT-836 - Scriptrunner did not clean up MultiParentClassLoader on plugin-enabled events.

  • SRJIRA-3960 - FireEventWhen sometimes received the wrong ChangeLog it fired events.

  • SRJIRA-3954 - The View in Issue Navigator link on the backlog board did not show all issues in the backlog.

  • SRJIRA-3953 - You could not edit workflow functions that were created several years ago.

  • SRJIRA-3935 - ScriptRunner action did not work in automation because of a JavaScript error.

5.6.7

  • Released 07 Nov 2019.

Bug Fixes

  • SRPLAT-774 - MissingPropertyException in subclasses of AbstractBaseRestEndpoint when accessing the log field has been fixed.

  • SRPLAT-773 - Yaml files now auto deploy saved script configurations in custom plugin jars.

  • SRJIRA-3344 - Default text in Visual mode in a tab now renders correctly.

  • SRJIRA-3827 - An issue causing uneditable checkboxes is now fixed.

5.6.6

  • Released 28 Oct 2019.

New Features

  • Manage your .groovy script files using the new ScriptRunner Script Editor.

  • SRJIRA-3782 - Database Picker options display automatically.

Bug Fixes

  • SRPLAT-715 - The use of class autocompletion with an as cast operation was fixed.

  • SRPLAT-712 - An exception thrown by getting docs on a variable no longer occurs.

  • SRPLAT-709 - The fragment finder context variables overlay was added.

  • SRPLAT-703 - The missing Idea Integration icon was added back to code editors.

  • SRPLAT-691 - Long files are now rendered in Script Editor.

  • SRJIRA-3827 - An issue causing uneditable checkboxes is now fixed.

  • SRJIRA-3790 - Script fragments items have been reordered.

  • SRJIRA-3789 - Free text search is not defaulted unless the field has the text template.

  • SRJIRA-3777 - An issue causing new issue events to be missing when configuring a custom listener, has been fixed.

  • SRJIRA-3619 - layering issue when using any picker field

  • SRJIRA-3617 - Issue Picker search has been improved.

  • SRJIRA-3112 - Installing Service Desk or Jira Software after ScriptRunner no longer causes 'NoClassDefFoundError'.

  • SRJIRA-2679 - The lastComment JQL function is now scalable for enterprise.

  • SRJIRA-3528 - The Behaviour feature has had performance improvements.

5.6.5

  • Released 28 Oct 2019.

New Features

  • SRJIRA-3782 - Show database picker options without having to start typing

Bug Fixes

  • SRPLAT-715 - Cannot use class completion with "as" cast operation

  • SRPLAT-712 - Code Insight - getting docs on a variable throws exception

  • SRPLAT-709 - Fragment Finder context variables overlay missing

  • SRPLAT-703 - No Idea icon to connect plugin

  • SRJIRA-3790 - Script fragments items not ordered well

  • SRJIRA-3789 - do not default to free text search unless the field has the "text" template

  • SRJIRA-3777 - New issue events cannot be found when configuring a custom listener

  • SRJIRA-3619 - Layering issue when using any picker field

  • SRJIRA-3112 - Installing Service Desk or Jira Software after ScriptRunner cause NoClassDefFoundError

  • SRJIRA-3776 - Support writing Arquillian Spock specifications for SR for Jira

  • SRJIRA-3528 - Behaviour Feature - Performance Improvements

5.6.2

  • Released 12 Sep 2019.

Bug Fixes

  • [SRJIRA-2931] - SD Behaviours were executing off of the wrong ID.
  • [SRJIRA-3681] - Script fields were appearing empty.
  • [SRPLAT-658] - Could not use code completion features with @WithPlugin for some plugins.
  • [SRPLAT-680] - Dependent plugin classes weren't loaded correctly.

5.6.1

  • Released 15 Aug 2019.

Bug Fixes

  • [SRJIRA-458] - Import of helper class not possible
  • [SRJIRA-3328] - Script Field partially duplicated after adding a new configuration context
  • [SRJIRA-3391] - Assigning closures with no parameters to script field bindings doesn't type check
  • [SRJIRA-3457] - Subquery in 'expression' JQL function isn't necessarily valid when expression script is being validated
  • [SRJIRA-3494] - Cached condition results need to be keyed on status as well
  • [SRJIRA-3651] - Ambiguous method error when using expression JQL function anonymously
  • [SRJIRA-3658] - potential class loader lock contention issue when parsing behaviours configuration
  • [SRJIRA-3646] - "Custom Script" Scripted Fields fail to show Execution History in user interface

Fix for SRPLAT-560 - Occasional NoClassDefFound with @WithPlugin compilation customizer

Dynamically adding and removing plugin classloaders was found to be impractical and unreliable due to lack of control over classloader caches.

The behaviour has changed so that when any @WithPlugin annotation is detected, the classloader from the selected plugin(s) is available to all scripts. This is true when using @WithPlugin or not in subsequent script executions. This change does not affect performance as the system classloaders are first in the classloader order.

Continue to add @WithPlugin to any scripts that use classes from other plugins. Without this, after a restart, successful script compiling will be dependent on the order of execution. Static type checking will show errors if you forget to use @WithPlugin.