We use Jira and Confluence Server (with paid licenses) and are considering what to do when licensing for Server products changes after Feb 2020.
We have decided to stay with our Server installations for now. I have read about and understand the consequences around that.
I also understand that, if we would not renew the support license when it expires we will not be able to upgrade to newer releases.
My question is: What happens when we stay on the Long Term Support release for Jira, we let the support contract expire (do not renew), and 11 months later a critical security flaw is found?
Would Atlassian provide a patch just for that vulnerability? Would that patch be made available to non-paying Server customers?
I understand we would not be entitled to a version upgrade, but I understand in the past that manual patches have been made available to all users.
Does anyone know if the policy around this is written down somewhere?
afaik you can not install updates released after the end date of your paid maintenance. Installing a bug fix release - even on a Long Term Support release is an upgrade of your instance, as described Security bugfix policy.
Maybe you already found this overview page on Long Term Support releases as well.
That's what I would expect too. Atlassian doesn't do patches. Fixes are provided as "patch" versions, so every patch is technically an upgrade. And upgrades are limited by their release dates and your last support date. But it would be good to get a confirmation from Atlassian on this
Thank you. I understand and of course that makes sense.
We run everything internally so are less exposed than an internet facing installation.
I want to clearly put all our options (and risks) on paper before we decide on the (pricey) renewal of the license.
My follow up question is: With what is currently proposed by Atlassian around Server, would I be able to re-start my paid support license between now and the EOL for the Jira Server and Confluence if I decided it was necessary at a later date?
If a critical vulnerability was discovered we could still there and then decide to renew and get the update.
Would this be possible? What are the chances that Atlassian will make this hard/impossible with more changes to the licensing model between now and EOL?
Hi again @thijsdevries,
From the Purchasing and licensing faq:
What happens when included server maintenance ends
After the first 12 months, your server software maintenance will expire and you will no longer be able to receive technical support or software updates.
As all server licenses are perpetual*, you can use your software into perpetuity. This means the server product will continue to operate in its current state after the maintenance period expires.
*Data Center licenses are not perpetual.
Please note: Maintenance renewals commence from the date the previous maintenance period expires, regardless of when the maintenance renewal was purchased.
That means that you should be able to reactivate your renewal at a later date, but that your maintenance start will be backdated to the moment of last expiry.
In addition, the same faq also stipulates:
How can I purchase a maintenance renewal
Please note: You can hold a maximum of 2 years worth of active software maintenance for server/Data Center products. Cloud can be purchased as 12-month or 24-month subscriptions.
*Pricing for software maintenance may be reviewed from time to time. For products whose maintenance is based on an old licensing model, which is no longer available, you will be quoted at the current renewal pricing. At our sole discretion, we may offer a limited-time grandfathering program for server products (not hosted) that we would announce to all customers holding licenses that experienced a change.
Keeping the backdating principle in mind, you won't be able to renew maintenance more than 2 years after the last expiry and if you need to renew for a recent fix, will be charged maintenance for the entire period.
Also, as of February 2nd 2021 it will no longer be possible to purchase new server licenses.
Thank you. Clear as a bell.
Correct me if I'm wrong but this does make me want to suggest the following to my manager:
- we continue to run our (internal) Jira and Confluence Server for the foreseeable future.
- we do not renew our support contract
- we monitor the security advisories as they are published
- if a critical issue comes up that is too risky to ignore or mitigate in some other way, we re-new our support license (being aware we need to pay for the full period since it expired)
- we apply the latest release.
Does this sounds realistic/irresponsible?
Hey there Cloud Community members! We’re excited to give you the first glimpse of the new home for business teams on Jira — Jira Work Management. Jira Work Management is the next generation of J...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events