Jira Server and service desk Upgrade - Security advisories

Niveditha September 19, 2019

Hi Team,

We are planning to upgrade Jira and Confluence. We started from lower instances and upgraded Jira server to 8.3.2. Before moving to another instance, we received 2 security advisories: one for Confluence and the other one for Jira Service Desk Server (the most recent one).

According to the recent security advisory for Jira service desk (released on 09/18/19),

For the Jira Service Desk 4.3.x version, the fixed version is 4.3.4. So for compatibility with Jira server, we again need to upgrade Jira server to version 8.3.4.

Any suggestions on which version we could upgrade to?

The latest version was released on 09/16/19. Are there any issues if we upgrade to the latest version? Can we upgrade Jira immediately after the version is released? In what time frame will the latest version be tested after the release date?

Security Advisory:

How often do we get the security advisories? Is there any particular time frame, or is it based on the risks detected in the application?

Thanks.

Regards,

Niveditha

Answer accepted
Andy Heinzer
Atlassian Team
September 20, 2019

Hi Niveditha,

I understand you have some questions about upgrading Jira and some concerns about when and how often Atlassian publishes such security advisories.  I hope I can shed some light on these.

In regards to the security advisories:  It is both time based and severity level dependent.  For our Server products, we always release our security advisories on Wednesdays.  And these advisories are typically only published for critical severity level security vulnerabilities.  More details are in Security Advisory Publishing Policy.   In relation to this, you might also be interested in our Security Bug Fix Policy, which outlines how and when we fix security issues in our products.

In regards to upgrading Jira: You could either upgrade Jira to 8.3.4 or 8.4.1 in order to avoid this first vulnerability and both versions have compatible Service Desk versions you can upgrade to that also prevent the other vulnerability.

The only consideration in my mind as to which version to upgrade to comes down to what plugins (aka add-ons or apps) you are running with Jira. It is important to determine if those plugins yet have a compatible version for the latest version of Jira 8.4.1. If they do not, then you might be more compatible with your existing add-ons to go with the 8.3.4 version. It is more likely if you had Jira up and running with your add-ons in 8.3.2, that these would most likely still have compatible versions available for 8.3.4 either in their current versions or updated plugin versions available in Marketplace.

The UPM (Universal Plugin Manager) within products like Jira and Confluence has a really helpful feature for figuring this out.  Check out Checking app compatibility with application updates.  This feature can help you to determine if you have any plugins that are not yet updated in Marketplace for the versions you intend to upgrade to.

As for upgrading Jira from lower versions: You should be fine to do this in a single upgrade provided that your Jira is running on a 7.0.0 and Service Desk is on a 3.0.0 version before this upgrade. If you happen to have a Jira 6.x and Service Desk 2.x or earlier versions, you would need to first upgrade these to a 7.0.x/3.0.x version of Jira/Service Desk before you could then upgrade to the latest versions. This requirement is noted in Skipping major versions when upgrading JIRA applications. The only other concern with upgrading Jira tends to be to make sure that when you upgrade you are on a supported platform. These are documented in Jira Supported platforms, and you will notice that the top right corner of that page has a version dropdown that can be useful for determining which version of the document applies to which version of Jira you have.

I hope this helps to answer all your questions.  Please let us know if you have any follow up concerns here.

Andy
