2024-02 Changes to the installation of Data Center apps

To enhance security, we’re changing the way Data Center products handle app installation using Universal Plugin Manager (UPM) and REST APIs. App installation through UPM is now disabled by default. System admins can still enable app installation.

TLDR; To enhance security, we’re changing the way Data Center products handle app installation using Universal Plugin Manager (UPM) and REST APIs. App installation through UPM is now disabled by default. System admins can still enable app installation.

To enhance security, we’re changing the way Data Center products handle app installation using Universal Plugin Manager (UPM) and REST APIs. App installation through UPM is now disabled by default. System admins can still enable app installation.

This change doesn’t affect the installation of apps from the Atlassian Marketplace.

When will this change be available?

Upgrade to the following product version, to activate this change:

• Jira Software 9.14, see release notes

• Jira Service Management 5.14, see release notes

• Confluence 8.8, see release notes

• Bitbucket 8.18, see release notes

• Bamboo 9.5.1, see release notes

• Crowd 5.3 to be released soon

What changes for admins?

Changes to the user interface

We’re removing the Upload app button from the Universal Plugin Manager, so system admins won’t be able to install apps through the Administration.

Here’s an example of the Bitbucket user interface before and after the change.

Before

After

Changes to the REST API

We’ve changed the /rest/plugins/1.0/ REST APIs to block the possibility of installing apps.

How can admins enable API app installation?

The system admin can enable the functionality by setting the upm.plugin.upload.enabled system property to true.

To apply changes admin needs to restart the product instance.

For further details, check respective release notes.

App installation will be disabled for Data Center product instances running on Atlassian Marketplace Plugin Suite (AMPS). To enable it you need to switch to developer mode or set the upm.plugin.upload.enabled property to true.

Is there LTS support for this functionality?

This change will be also implemented in the following supported LTS versions:

• Jira Software 9.12 LTS and 9.4 LTS

• Jira Service Management 5.12 LTS and 5.4 LTS

• Confluence 8.5 LTS and 7.19 LTS

• Bitbucket 8.9 LTS

• Bamboo 9.2 LTS