Check out what’s new for ScriptRunner for Jira Server.

5.7.2

Bug Fixes

  • SRPLAT-999 - Script Editor - deprecations of inner classes are now correctly shown.

  • SRJIRA-4173 - The Send a Custom Email workflow script configuration deserialisation no longer assumes that the FIELD_EMAIL_FORMAT will be either HTML or TEXT.

  • SRJIRA-4129 - The /remote-events/available endpoint no longer throws an error.

  • SRPLAT-931 - Method deprecation warnings for SAL now show in the Code Editor.

5.7.1

New Features

Dynamic Forms

Introducing Dynamic Forms, a feature to simplify the process of editing variables in your ScriptRunner Groovy scripts. Dynamic Forms allows you to create complex scripts with flexible variables that can be shared with multiple users, allowing one script to be used for various use cases, reducing maintenance requirements while allowing for script customisation. For more information see our documentation.

Bug Fixes

  • SRPLAT-962 - Cron descriptions now display the correct weekday.

  • SRJIRA-4155 - "When" behaviour conditions can now be added after the first "Except" condition is added.

  • SRJIRA-3723 - Opening multiple constrained issue dialogs on the same page no longer causes issues with the behaviour context ID.

  • SRJIRA-3646 - The execution history for Custom Script scripted fields now displays in the user interface.

5.7.0

Bug Fixes

  • SRPLAT-948 - Conditions on Web Fragments created prior to release 5.6.15 are now visible.

  • SRJIRA-4138 - Previewing an editable script field now shows the current value.

  • SRJIRA-4128 - The width of picker fields is constrained correctly.

  • SRJIRA-4127 - Database picker fields have highlighting info when searching.

  • SRJIRA-4109 - PostMessageToChatService now handles an empty hook URL.

  • SRJIRA-4047 - An UncaughtException showing a null behaviourID, caused by Anonymous Analytics, has been fixed.

  • SRJIRA-4044 - Custom Email post-function no longer reverts (and fails to save) updates from HTML to plain text

  • SRJIRA-3938 - The Issue Picker list no longer overlaps other issue picker fields.

  • SRJIRA-2532 - Nested script execution no longer overrides "sr.execution.id" in Log4j MDC storage which caused scripts running up the stack to lose remaining log entries.

  • SRJIRA-4067 - A full reindex scoped cache for last index lookups has been introduced to improve the performance of last comment indexing on large instances.

5.6.15

Bug Fixes

  • SRPLAT-912 - Script Editor has been fixed.

  • SRPLAT-566 - Browse Page now maintains search input focus.

  • SRJIRA-3921 - Scripted multi-issue picker no longer selects multiple items with one click.

  • SRJIRA-3842 - A MethodMissing exception that caused the REST endpoint page to fail to load has been fixed.

  • SRJIRA-2974 - Aggregate functions now always display calculation.

5.6.14

Bug Fixes

  • SRPLAT-908 - A bug that prevented editing of previously configured script files has been fixed.

  • SRJIRA-3139 - Issue Picker Field now supports searching empty values.

5.6.13

IntelliJ IDEA Plugin Deprecation

We are officially deprecating the IntelliJ IDEA plugin, also known as the Adaptavist Power Editor. ScriptRunner 5.6.13 contains the last bugfix we will ship for this feature, and 0.7.20 is the last release we will make on the JetBrains marketplace. Future support requests for this feature will be referred to this deprecation notice.

As can be seen from the review history on our JetBrains marketplace listing, we haven’t been consistently keeping up with JetBrains’s quarterly release schedule, due to prioritisation constraints.

Reasons for the Change

Two key concerns motivated our decision to deprecate: the opportunity cost of developing the Adaptavist Power Editor and its overlap with other ScriptRunner features.

The IntelliJ IDEA platform is a rich, fast-moving one. Just about every release requires refactoring some part of our plugin’s codebase. As users of IntelliJ IDEA, we love this rapid development. However, it is a challenge to keep up with developing a secondary plugin that is not our core product, while also keeping an eye on the Atlassian release cycle. While IntelliJ IDEA was an interesting platform to expand into, it required more focus than we were able to give it.

Further, we are continuing to maintain and develop two other features which meet most of the needs met by the IntelliJ Plugin. These are the Code Editor and the scriptrunner-samples repository for local development.

The Code Editor provides smart completions, parameter hints, and javadoc lookup. While that’s nowhere near the feature set provided by IntelliJ IDEA, it does provide a rich development experience, one which we’d like to develop further. Most importantly, the Code Editor is up and running by default with no setup.

For users who want a deeper development experience and don’t mind some setup, developing a Script Plugin affords a fully featured IDE, git integration, the ability to save script configuration as code, and other developer tools.

With the addition of the Code Editor (with built-in autocompletion), and the new Script Editor (allowing users to save files in script roots), the Adaptavist Power Editor had a very niche user base with a very high maintenance burden. Although we had reservations about deprecating the IntelliJ IDEA integration due to feature loss in the short term, increased investment in the core ScriptRunner product is our priority.

Continuing to let the Adaptavist Power Editor lag with late compatibility updates wasn’t fair to our users, and we are committed to delivering more new features and improvements to the ScriptRunner product itself.

Ultimately, creating a plugin for IntelliJ IDEA was a valuable experiment. It taught us important lessons about providing a rich code editor that we still want to incorporate into the core Code Editor. We would love to hear from you which aspects you found most valuable. Please contact us through our support portal if there are features you would like to request for the Code Editor.

Bug Fixes

  • SRPLAT-830 - IntelliJ Integration that was broken in 5.6.6 and beyond, is now fixed.

  • SRJIRA-4077 - Script Editor icons are now displayed correctly.

  • SRJIRA-4066 - Escalation Services are now sucessfully migrated to jobs.

  • SRJIRA-4057 - Creating a planning board item with action == "comment" does now show the item.

5.6.12

ScriptRunner Remote Events Code Execution Vulnerability

An HTTP POST made to /rest/scriptrunner/latest/remote-events with a specially crafted JSON payload could lead to unrestricted Groovy code execution for any logged-in user, regardless of permissions.

This security vulnerability has been fixed in ScriptRunner 5.6.12; it is recommended all customers upgrade to 5.6.12+ where possible.

If no firewall is enabled, users must update ScriptRunner to include this security patch.

Temporary Workaround

If you are unable to upgrade immediately, blocking HTTP requests beginning with <base_url>rest/scriptrunner/*/remote-events mitigates the vulnerability.

To verify the workaround is applied correctly check that requests to <base_url>rest/scriptrunner/*/remote-events/ are denied.

Below are examples of how to apply the workaround in Apache and Tomcat by blocking requests to the Scriptrunner Remote Events endpoint at the reverse proxy, load-balancer or application server level.

Please note that Adaptavist Support does not provide any assistance for configuring reverse proxies. Consequently, we provide the below examples as is, with no support and no written or implied warranties. To verify the workaround is applied correctly check that requests to <base_url>rest/scriptrunner/*/remote-events/ are denied.
Apache HTTPD Reverse Proxy
Apache 2.4 Syntax

Add the following into the .conf file containing the virtualhost that proxies to the Atlassian application.

<LocationMatch "/rest/scriptrunner/.*/remote-events/">
Require all denied
</LocationMatch>
Example:
<VirtualHost *:80>
ServerName jira.example.com
ProxyRequests Off
ProxyVia Off
<Proxy *>
     Require all granted
</Proxy>
ProxyPass /jira  http://ipaddress:8080/jira
ProxyPassReverse /jira  http://ipaddress:8080/jira
    <LocationMatch "/rest/scriptrunner/.*/remote-events/">
        Require all denied
    </LocationMatch>
</VirtualHost>
Apache 2.2 Syntax

Add the following into the .conf file containing the virtualhost that proxies to the Atlassian application:

<LocationMatch "/rest/scriptrunner/.*/remote-events/">
Order Allow,Deny
Deny from  all
</LocationMatch>
Example
<VirtualHost *:80>
ServerName jira.example.com
    ProxyRequests Off
    ProxyVia Off
    <Proxy *>
         Require all granted
    </Proxy>
    ProxyPass /jira  http://ipaddress:8080/jira
    ProxyPassReverse /jira  http://ipaddress:8080/jira
    <LocationMatch "/rest/scriptrunner/.*/remote-events/">
         Order Allow,Deny
         Deny from  all
    </LocationMatch>
</VirtualHost>
Tomcat urlrewrite.xml

Redirect requests to /rest/scriptrunner/.*/remote-events/.* to a safe URL.

  1. Add the following to the <urlrewrite> section of [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml:

    <rule>
    <from>/rest/scriptrunner/.*/remote-events/.*</from>
    <to type="temporary-redirect">/</to>
    </rule>
  2. Save the urlrewrite.xml.

  3. Restart the Atlassian application.

5.6.11

Bug Fixes

  • SRPLAT-873 - Settings could have been null, which caused NPE in various locations.

  • SRPLAT-864 - An invalid object name, null.AO_31728E_SR_USER_PROP, was added when the plugin was run against an instance running on MS SQL Server.

5.6.10

New Features

Issue Archiving (Data Center 8.1+)

There are two new features in ScriptRunner for Jira server allowing users to archive issues. You can now configure an Issue Archiving Job or Archive this Issue Post-function.

New Features in Script Editor

  • Folder Support - Use the context menu to create new folders in the script root directory. Script Editor also supports the creation of nested folders, separate them using / character. Folders (and files) can be moved around the file tree using drag-and-drop.

  • Deletion Support - You can now remove files and folders directly from the Script Editor UI. Just right-click on the file or folder you want to remove and select Delete from the context menu.

  • Renaming Support - You can now rename files and folders using context menu option Rename available on each node in Script Editor.

Services and Escalation Services Moved to Jobs

Services and Escalation Services are now part of ScriptRunner Jobs. Migrated services run as expected, however; when editing a service, you must specify an application user in the User field. For more information see our Jobs documentation.

Bug Fixes

  • SRPLAT-864 - An invalid object name 'null.AO_31728E_SR_USER_PROP' when running on MS SQL Server has been fixed.

  • SRJIRA-4017 - Script Registry now picks up simple scripted validators.

  • SRJIRA-3990 - An issue with the Send Custom Email function has been fixed.

  • SRJIRA-3988 - An error with Send a custom email listener filing to find event has been fixed.

  • SRJIRA-3985 - The StackOverflowError when using AddedAfterSprintStart or RemovedAfterSprintStart JQL functions in card color queries is fixed.

  • SRJIRA-3983 - Having a large number of comments on an issue no longer causes re-indexing delays.

  • SRPLAT-862 - There is now support for cross-app, in-app fixtures usable from tests running outside of the app.

5.6.9

More Groovy Classes are Backwards Incompatible

If you have any custom classes in your script roots or configured scripts which extend com.onresolve.scriptrunner.canned.jira.workflow.listeners.CustomListener, those may be broken by this release.

If you notice the Listeners page is failing to load, this problem may be affecting you. One potential workaround: you can add the @groovy.transform.InheritConstructors annotation to your custom class. As before, if you need additional help as a result of these changes, please contact us via our support portal.

Scalability improvements to lastComment JQL function

In version 5.6.6 we released a scalability improvement to the lastComment JQL function.

Unfortunately due to an internal process problem, we neglected to include in the release notes the following information.

The changes to the implementation of lastComment JQL function in this version mean that a reindex of Jira is required for that function to work correctly.

A background reindex of Jira is not sufficient. You must select the option "Lock Jira and rebuild index". Obviously this should be done out of business hours.

Bug Fixes

  • SRPLAT-670 - An exception was generated when adding or removing an event in the Events field on the Custom Event Listener screen.

  • SRJIRA-3982 - The wrong value displayed for scripted fields based on the current user.

  • SRJIRA-3969 - Creating a Post Function "create sub-task" or "Clones an issue, and links" no longer throws the java.lang.NoClassDefFoundError: com/atlassian/servicedesk/api/NoSuchEntityException.

  • SRJIRA-3710 - STC errors/warnings are now shown in the registry.

  • SRJIRA-3488 - Missing icons now show within script execution reports.

5.6.8

New Features

  • SRJIRA-3712 - The Database Picker fields can now appear on the Service Desk Portal.

Bug Fixes

  • SRPLAT-836 - Scriptrunner did not clean up MultiParentClassLoader on plugin-enabled events.

  • SRJIRA-3960 - FireEventWhen sometimes received the wrong ChangeLog it fired events.

  • SRJIRA-3954 - The View in Issue Navigator link on the backlog board did not show all issues in the backlog.

  • SRJIRA-3953 - You could not edit workflow functions that were created several years ago.

  • SRJIRA-3935 - ScriptRunner action did not work in automation because of a JavaScript error.

5.6.7

Bug Fixes

  • SRPLAT-774 - MissingPropertyException in subclasses of AbstractBaseRestEndpoint when accessing the log field has been fixed.

  • SRPLAT-773 - Yaml files now auto deploy saved script configurations in custom plugin jars.

  • SRJIRA-3344 - Default text in Visual mode in a tab now renders correctly.

  • SRJIRA-3827 - An issue causing uneditable checkboxes is now fixed.

5.6.6

New Features

  • Manage your .groovy script files using the new ScriptRunner Script Editor.

  • SRJIRA-3782 - Database Picker options display automatically.

Bug Fixes

  • SRPLAT-715 - The use of class autocompletion with an as cast operation was fixed.

  • SRPLAT-712 - An exception thrown by getting docs on a variable no longer occurs.

  • SRPLAT-709 - The fragment finder context variables overlay was added.

  • SRPLAT-703 - The missing Idea Integration icon was added back to code editors.

  • SRPLAT-691 - Long files are now rendered in Script Editor.

  • SRJIRA-3827 - An issue causing uneditable checkboxes is now fixed.

  • SRJIRA-3790 - Script fragments items have been reordered.

  • SRJIRA-3789 - Free text search is not defaulted unless the field has the text template.

  • SRJIRA-3777 - An issue causing new issue events to be missing when configuring a custom listener, has been fixed.

  • SRJIRA-3619 - layering issue when using any picker field

  • SRJIRA-3617 - Issue Picker search has been improved.

  • SRJIRA-3112 - Installing Service Desk or Jira Software after ScriptRunner no longer causes 'NoClassDefFoundError'.

  • SRJIRA-2679 - The lastComment JQL function is now scalable for enterprise.

  • SRJIRA-3528 - The Behaviour feature has had performance improvements.

5.6.5

New Features

  • SRJIRA-3782 - Show database picker options without having to start typing

Bug Fixes

  • SRPLAT-715 - Cannot use class completion with "as" cast operation

  • SRPLAT-712 - Code Insight - getting docs on a variable throws exception

  • SRPLAT-709 - Fragment Finder context variables overlay missing

  • SRPLAT-703 - No Idea icon to connect plugin

  • SRJIRA-3790 - script fragments items not ordered well

  • SRJIRA-3789 - do not default to free text search unless the field has the "text" template

  • SRJIRA-3777 - new issue events cannot be found when configuring a custom listener

  • SRJIRA-3619 - layering issue when using any picker field

  • SRJIRA-3112 - Installing Service Desk or Jira Software after ScriptRunner cause NoClassDefFoundError

  • SRJIRA-3776 - Support writing Arquillian Spock specifications for SR for Jira

  • SRJIRA-3528 - Behaviour Feature - Performance Improvements

5.6.2

Bug Fixes

  • [SRJIRA-2931] - SD behaviours were executing off of the wrong ID.
  • [SRJIRA-3681] - Script fields were appearing empty.
  • [SRPLAT-658] - Could not use code completion features with @WithPlugin for some plugins.
  • [SRPLAT-680] - Dependent plugin classes weren't loaded correctly.

5.6.1

Fix for SRPLAT-560 - Occasional NoClassDefFound with @WithPlugin compilation customiser

Dynamically adding and removing plugin classloaders was found to be impractical and unreliable due to lack of control over classloader caches.

The behaviour has changed so that when any @WithPlugin annotation is detected, the classloader from the selected plugin(s) is available to all scripts. This is true when using @WithPlugin or not in subsequent script executions. This change does not affect performance as the system classloaders are first in the classloader order.

Continue to add @WithPlugin to any scripts that use classes from other plugins. Without this, after a restart, successful script compiling will be dependent on the order of execution. Static type checking will show errors if you forget to use @WithPlugin.

Bug Fixes

  • [SRJIRA-458] - import of helper class not possible
  • [SRJIRA-3328] - Script Field partially duplicated after adding a new configuration context
  • [SRJIRA-3391] - Assigning closures with no parameters to script field bindings doesn't type check
  • [SRJIRA-3457] - Subquery in 'expression' JQL function isn't necessarily valid when expression script is being validated
  • [SRJIRA-3494] - Cached condition results need to be keyed on status as well
  • [SRJIRA-3651] - Ambiguous method error when using expression JQL function anonymously
  • [SRJIRA-3658] - potential class loader lock contention issue when parsing behaviours configuration
  • [SRJIRA-3646] - "Custom Script" Scripted Fields fail to show Execution History in user interface

Have questions? Visit the Atlassian Community to connect, share, and learn with other Atlassian users and experts, including Adaptavist staff.

Ask a question about ScriptRunner for JIRA, Bitbucket Server, or Confluence.

Want to learn more? Check out courses on Adaptavist Learn, an online platform to onboard and train new users for Atlassian solutions.