Release Manual 10.0.x

    Upgrade instructions

    The Release upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

    For detailed instructions based on your upgrade scenario, refer to Upgrade scenarios.

    If you have hotfixes installed, contact the support team before upgrading.

    If you have a cron timezone set (akka.quartz.defaultTimezone) in your xl-release.conf, you need to change the configuration key to xl.quartz.timezone. The property value should stay same, only the key should be changed:

    xl {
        quartz {
            timezone = CET
 Release 10.0.0

    Release 10.0.0 is a long-term support (LTS) version that will be supported until superseded by the next long-term support (LTS) version. For more information, refer to Short-term support/Long-term support policy.

    Feature highlights Release 10.0 includes these new features:

    • DevOps as-code YAML now has 100% coverage of runtime configuration data
    • Audit Reports with full Permission overview
    • More metrics in Support Accelerator
    • Notification schemes are now configurable on the folder level
    • Disable release notifications
    • Support for @-mentioning team members in comments and descriptions.
    • Performance and stability improvements
    • Support for token authentication through Keycloak
    • Session persistence for clustering environments
    • Folder navigation improvements
    • Day and Year view on the Release Calendar
    • Technology Preview: Delivery Insights deep integration with Continuum

    ...and numerous bug fixes and other improvements!

    Feature breakdown

    Full as-code coverage

    Added support for all general settings, global variables, calendar features.

    In essence, all runtime configuration data is now supported with DevOps as-code. This means that you can now store your server configuration in version control for easy management and sharing of your Release configurations as code in a Git repository, enabling GitOps.

    Flags added to the xl cli utility:

    --defaults        Include properties that have default values
    --settings        Add to the generated file all general settings
    --variables       Add to the generated file all the variables in system
    --notifications   Add to the generated file e-mail notification settings
    --calendar        Add to the generated file blackout and special days from calendar
    --triggers        Add to the generated file all the triggers in the system

    It's now also possible to preview the DevOps as-code Yaml directly in the UI, without having to install or run the xl utility. Great for creating ad-hoc snippets!

    Audit Reports with Permissions

    There is an extra tab on the Release Audit Report that contains an overview of all relevant permissions that were granted to all users during the lifespan of the release. This allows an auditor to see who has had what kind of access to a particular release during its lifetime.

    Support accelerator

    We extended the "Get data for support" package with additional reports to provide better insight into the Release usage profile and speed up data collection and troubleshooting efforts. Some metrics are exposed under "System information" in the UI (Gear icon).### Notification schemes on folder level

    Now it's possible to tweak notifications on the team level. Go to the notification schemes in a folder and specify which team gets notified when a release starts or fails, for example.

    Disable release notifications

    From Release 10.0 you can disable all email notifications from the release properties page. All releases created within a Create Release Task will also be silenced.


    Easily ping a team member by @-mentioning them in a comment.

    Performance and stability improvements

    Improvements in Release 10.0.0 offer better performance starting a server with numerous active releases and reduces CPU and memory pressue during the execution of releases.

    Support for token authentication through Keycloak

    Token-based authentication is now supported for setups that use OIDC over Keycloak.

    Read more about the configuration here: Configure OpenID Connect (OIDC) authentication with Keycloak

    Session Persistence

    In Release, you can now configure session storage to enable clustered sessions without being tied to an application container. Session data will be stored in the database. For details, see Clustered Sessions.

    Note: If you are using Atlassian Crowd integration to authenticate users, modify the xl-release-security.xml security configuration file as below.

    Remove <import resource="applicationContext-CrowdRestClient.xml"/> and import <import resource="xl-crowd-deploy-security.xml"/> instead.

    This following is an example xl-release-security.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="" xmlns:xsi=""
        <import resource="xl-crowd-deploy-security.xml"/>
        <bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
            <property name="crowdClient" ref="crowdClient"/>
            <property name="authorityPrefix" value=""/>
        <bean id="crowdAuthenticationProvider" class="">
            <constructor-arg ref="crowdClient"/>
            <constructor-arg ref="crowdHttpAuthenticator"/>
            <constructor-arg ref="crowdUserDetailsService"/>
        <bean id="rememberMeAuthenticationProvider" class=""/>
        <security:authentication-manager alias="authenticationManager">
            <security:authentication-provider ref="rememberMeAuthenticationProvider"/>
            <security:authentication-provider ref="xlAuthenticationProvider"/>
            <security:authentication-provider ref="crowdAuthenticationProvider"/>

    For details, see Configure Atlassian Crowd security for Release.

    Folder navigation improvements

    Restyled the vertical tab layout inside folders to be snappier and easier to navigate

    Day and Year view on the Release Calendar

    The Release Calendar now supports the extreme close-up of the Day view and the 10,000 feet overview of the Year view. Release 10.0.0 release notes

    New features

    • [ENG-1389] - JSON webhooks: VersionOne sample
    • [ENG-1390] - JSON webhooks: Nexus sample
    • [ENG-1391] - JSON webhooks: Artifactory sample
    • [ENG-1392] - JSON webhooks: DockerHub sample
    • [ENG-1394] - JSON webhooks: Azure DevOps sample
    • [ENG-1610] - Added support to fetch configuration from well-known oidc-configuration URI
    • [ENG-1949] - As code: Support for SMTP server
    • [ENG-1950] - As code: Support for blackout and special days on Calendar
    • [ENG-1951] - As code: Support for Task Access
    • [ENG-1952] - As code: Support for Notification schemes
    • [ENG-1953] - As code: Support for General settings
    • [ENG-1955] - Navigation: put Release Calendar under Scheduling
    • [ENG-2366] - As code: Separate flags for exporting global and folder variables
    • [ENG-2369] - Social: User mention notifications in tasks
    • [ENG-2434] - Replace Jettison JSONObject with Jackson ObjectMapper when leniently loading Release JSON
    • [ENG-2458] - "Collapse all" on Folder view
    • [ENG-2460] - Add support for store session data in database
    • [ENG-2461] - Folder tree now expands to the folder users are coming from
    • [ENG-2464] - Evaluate book for Release UI components
    • [ENG-2493] - Add support for token based authentication for Jenkins Integration
    • [ENG-2513] - Added out-of-box lookup support for task modal
    • [ENG-2567] - Token authentication using OAuth
    • [ENG-2595] - Added UI for notification scheme on folder level same as global level
    • [ENG-2596] - Added support for Teams on folder level notifications scheme
    • [ENG-2611] - Migrated global notification screen to react
    • [ENG-2635] - New proof of concept of Release Permission report added
    • [ENG-2656] - Added backend APIs to support folder level notifications scheme
    • [ENG-2657] - Added new folder permission for notifications
    • [ENG-2658] - Added as-code support for folder level notifications
    • [ENG-2664] - As code: Support environment reservations in as-code
    • [ENG-2669] - Extended support package with usage statistics report
    • [ENG-2692] - Resolved full names in Users & Permissions Audit Report (Excel)
    • [ENG-2733] - Moved cluster messages in their own queue
    • [ENG-2746] - Exposed API to copy an existing template
    • [ENG-2824] - As code: Support for User profile settings
    • [ENG-2826] - Migrated global notification screen modal to react
    • [ENG-2855] - Show as-code Yaml in UI for templates
    • [ENG-2952] - As-code: Support wildcard search
    • [ENG-3080] - Visual distinction between real and virtual teams on folder notification settings
    • [ENG-3239] - Sorted permissions by Principal, then Has Permission
    • [ENG-3240] - Added friendly permission names in report
    • [ENG-3242] - Merged permissions from entire release time span
    • [ENG-3244] - Created permission snapshots on upgrade
    • [ENG-3316] - Updated folder navigation to v2
    • [ENG-3319] - Applied a hotfix for leak in task search (FI-386)
    • [ENG-3335] - Enabled lookup of tile property values
    • [REL-10176] - API: Export template in .xlr format is not available.
    • [REL-10334] - New Calendar Day View
    • [REL-10336] - New Calendar Year View
    • [REL-10477] - More Futures timed out exceptions
    • [REL-10499] - Renamed headers in Users & Permissions Audit Report (Excel)


    • [ENG-2311] - Make custom and script tasks save results asynchronously
    • [ENG-2934] - Added the ability to sort searching releases by ascending and descending order
    • [ENG-2962] - Added a Role id as extension to the GET release call [ReleaseApi]
    • [ENG-3070] - Numerify needs roleId for folder teams as well
    • [ENG-3250] - Added a feature flag to remove restriction for encrypted value usage
    • [REL-9876] - More than one user editing the same delivery pattern at once can cause problems

    Bug fixes

    • [ENG-1530] - Tags are not properly displayed when multiple lines of tags are assigned to release.
    • [ENG-1866] - Refine release audit report for templates
    • [ENG-2244] - Missing template title on release properties page
    • [ENG-2256] - Calendar UI issues with blackout period and label
    • [ENG-2262] - Server error for long label and blackout period names
    • [ENG-2284] - Create release destination folder variable resets to parent folder upon failure
    • [ENG-2304] - Header of Triggers view on folders misaligned on minimum resolution
    • [ENG-2305] - Remove task description from the Release audit Task details sheet
    • [ENG-2324] - Can use encrypted password value when adding new tasks to a phase through a jython script
    • [ENG-2342] - The delivery of the Deliveries tab is getting off the screen.
    • [ENG-2393] - Disable Test button in HTTP Endpoint For Webhooks shared configuration
    • [ENG-2417] - Fix update for an enum property values
    • [ENG-2418] - Fix default cron timezone for quartz
    • [ENG-2512] - Pipeline icon on release overview is not visible for planned releases
    • [ENG-2627] - Fix spring security extension import for OIDC Plugin
    • [ENG-2751] - CompleteTask message to actor ignored because of GC
    • [ENG-2803] - Environment reservation does not show selected applications if it contains a note
    • [ENG-2814] - Set default stage if present while creating a new environment
    • [ENG-2858] - Triggers: invisible variables mappings are still saved
    • [ENG-2889] - Inconsistent behavior when making releaseApi.restartPhase(release, True) Jython API call
    • [ENG-2918] - Add proper permission check to delete the configuration
    • [ENG-2950] - Improve template selector on Create release page
    • [ENG-2967] - Bulk operations should go through respective actors
    • [ENG-2983] - Empty content tabs appear in Audit Report
    • [ENG-3026] - Tooltip component not wrapping the long character word
    • [ENG-3072] - Release not archiving
    • [ENG-3077] - Generate for as-code is not working when variable is used for folder or template in create release task
    • [ENG-3129] - List box variable requires two COMPLETE button entries during release
    • [ENG-3148] - As-code: gate task with dependency can't apply the YAML that was generated
    • [ENG-3227] - Fix HTTP 401 errors for logo with branding changes
    • [ENG-3260] - Intermittent NPE applying YAML with gate tasks in template on clustered XLR
    • [ENG-3551] - As-code: Dashboard tile added with as-code appears twice
    • [ENG-3566] - As code: variables in user input task are erased when the template is updated
    • [ENG-3651] - Fix permission check to fill blackout period
    • [ENG-3661] - Full name doesn't show up in downloaded reports
    • [ENG-3677] - Restrict users to create any Blackout period/Special Days before the current date in UI
    • [ENG-3757] - Properties declared as reference to CI are not wrapped as dictionaries for ValueProvider
    • [ENG-3787] - Improve template selector on Create Release Task popup
    • [ENG-3807] - Notifications are not sent to LDAP groups
    • [ENG-3818] - Users with empty roles are not able to login with OIDC Plugin
    • [ENG-3822] - HTTP 400 error while exporting release audit report
    • [REL-9869] - Make sure tracked items names are case insensitive in UI / tasks Release 10.0.1 release notes

    New features

    • [ENG-3304] - Make risk calculation and update independent of release actor
    • [ENG-3813] - Reduce number of teams/roles/permissions reads during task execution
    • [ENG-3852] - Change default value to false for Stuck gate detector
    • [ENG-4401] - Improvement around session management


    • [ENG-3745] - Add validations on new folder modal
    • [ENG-3906] - Implement debounce for release progress service
    • [REL-10513] - Add timestamp marker to all view

    Bug fixes

    • [ENG-2156] - Calendar dragging does not work if touching release blocks
    • [ENG-2604] - New lines in comment section are not rendered properly in notification email
    • [ENG-3547] - [Calendar UI] Blackout popup showing only topmost blackout
    • [ENG-3656] - Highlight current day/week/month/year in Navigation drawer when user opens it
    • [ENG-3781] - Not able to delete/edit the color code after "three" letters
    • [ENG-3806] - Broken delivery properties screen for long pattern name
    • [ENG-3824] - XLR Calendar: Change Day view timeline Date format based on user selection
    • [ENG-3825] - Task owner should not change after being completed in advance
    • [ENG-3826] - Folder owner wrong calculated for ldap group users
    • [ENG-3830] - DuplicateKeyException on session timeout with OIDC Plugin
    • [ENG-3832] - As-code: can't import templates with scheduledStartDate in the future
    • [ENG-3833] - Unable to edit long folder variable names
    • [ENG-3841] - Duplicate releases on folder releases list
    • [ENG-3855] - Use UTF-8 on Jython HttpRequest
    • [ENG-3950] - Releases that are FAILURE_HANDLER_IN_PROGRESS are not recovered
    • [ENG-3977] - Browser History is polluted when calendar view is changed
    • [ENG-4016] - Make team member check case insensitive
    • [ENG-4024] - Fix searchReleases public API
    • [ENG-4040] - Bring the Z-dept of timeline marker to be in front of the releases
    • [ENG-4043] - Global notifications screen shows infinite spinner
    • [ENG-4244] - Triggers uses old shared configuration after update on shared configuration
    • [ENG-4260] - Watcher predictive text field not working
    • [ENG-4280] - FI-464 Template owner dictates release owner when release started from template
    • [ENG-4310] - Search not working when Adding non-exist user to Teams
    • [ENG-4636] - Changing the config in a duplicated dashboard causes changes in the config to all duplicated dashboards
    • [ENG-7613] - Fixed the bug for the "Wait for Status" task with OAuth in Servicenow Plugin. Release 10.0.2 release notes

    New features

    • [ENG-5089] - Changed default value to true for gate actor
    • [ENG-5251] - Featured Toggle: Send email to inactive users


    • [ENG-4816] - Added option to disable certificate handshake

    Bug fixes

    • [ENG-4593] - Jenkins plugin: task should fail if jenkins job is not found
    • [ENG-4759] - Deadlock on XLR_USER_PROFILES
    • [ENG-4861] - Delete button position not correct on template versioning page
    • [ENG-4892] - Redirect to OIDC login page on session timeout
    • [ENG-4937] - MSSQL SQL error in Spring Sessions
    • [ENG-4959] - MSSQL - deadlocks on deliveries
    • [ENG-5061] - Jenkins task failed to authenticate even though added Jenkin server globally in share configuration
    • [ENG-5144] - Random NullPointerException on tasks in Parallel and Sequential Group
    • [ENG-5216] - Create Release tasks : Template selection pop-up
    • [ENG-5324] - Script output attachment is truncated to 32kb
    • [ENG-5427] - XLR-Jenkins-Plugin: multibranch pipeline job task fails when using API token for auth Release 10.0.3 release notes

    Bug fixes

    • [ENG-5152] - Fixed the set_of_string field which used to lost when the template is applied/created through the CLI
    • [ENG-5254] - Fixed: The same object (variable) value is modified from different threads
    • [ENG-5345] - Find or Create Delivery task—Fixed an issue that prevented users from viewing the Pattern/Stage information on Find Or Create Delivery tasks.
    • [ENG-5409] - Fixed: Create Release task displays ReleaseId instead of Release Title
    • [ENG-5464] - Fixed to pass multiline string parameter in Jenkins task
    • [ENG-5586] - Jetty—Removed server header from HTTP response headers.
    • [ENG-5631] - Fixed an issue that prevented Trigger creation when you import and apply an As Code YAML file that defines:
    • a Release Template and a time-based Trigger—wherein the template's name starts with "Release" and the trigger references this template
    • a Release Template and an event-based Trigger—wherein the template's name starts with "Release" and the trigger references this template
    • [ENG-5634] - Fixed: Password handling in script tasks is inconsistent when override of security is used
    • [ENG-5719] - Fixed an issue that prevented the user from exporting the Release Audit Report.
    • [ENG-5840] - Fixed the Password field when becomes blank while starting release from Create Releaser task Release 10.0.4 release notes

    Bug fixes

    • [ENG-5200] - Updated the user interface with the more precise format for Day, Week, and Month
    • [ENG-5504] - Fixed the issue when a large number of environments are present, Deployment tile throws an exception
    • [ENG-6420] - Updated and fixed the ‘User Input’ task detail view UI from two inputs to one and variable field to show the previously added value
    • [ENG-6436] - Removed unwanted encoding of user input, which made special characters look garbled in Jira tasks
    • [ENG-6493] - The XLR task/release is completed with the local/LDAP user credentials once provided in the template property
    • [ENG-6618] - Fixed the issue: ‘Create Release’ task displays the release ID instead of title for the Root level template
    • [ENG-6715] - Updated HttpResponse.class from str to unicode
    • [ENG-6734] - Fixed the remember-me functionality by changing the default value from 1 year to 30 days
    • [ENG-6862] - Fixed the unfunctional Pop-Up menus (Help and Setting) on a Windows machine
    • [ENG-7024] - Fixed the duplicate TaskPreconditionValidated deliveries by clearing the executionId on task.
    • [ENG-7072] - Fixed the issue when Webhook event has triggered with variables having DOT in the name. Release 10.0.5 release notes

    Bug fixes

    • [ENG-7175] - Fixed the issue by increasing the release column width in the release group.
    • [ENG-7186] - Fixed the issue where RolesApi#getRole() property did not return exact role name.
    • [ENG-7282] - Fixed the Trigger failure causes serialization error in cluster mode.
    • [ENG-7283] - Fixed the Email notification task fails with the error "javax.mail.internet.AddressException: Illegal address in string".
    • [ENG-7296] - Fixed the As Code Apply failing for Custom Script task when Synthetic Property is set as Empty. Release 10.0.6 release notes

    Bug fixes

    • [ENG-7142] - Fixed the issue of the Actor crashing in a task inside the group which is scheduled to start, but the group is not started.
    • [ENG-7196] - Fixed the issue of displaying all folders when creating a new release.
    • [ENG-7412] - Fixed the Custom logo alignment in the Email Notifications Footer.
    • [ENG-7487] - Fixed the resolved usernames when showing the Roles page by removing the LDAP data search.
    • [ENG-7537] - Fixed the issue where Restricting os.path module for Jython script.
    • [ENG-7659] - Fixed the issue REOPEN & ESCALATE = Jython not truly patched for XLR 9.8, 10.0.
    • [ENG-7700] - Fixing the issue of application in XLR which does not appear in the Deployment Attribute.
    • [ENG-7730] - Resolved the As-code generated dashboards that are not resolving filters on all tiles. Release 10.0.7 release notes

    Bug fixes

    • [ENG-7980] - Fixed the broken Jython patch for issues 2618 and 2894. Release 10.0.8 release notes

    Bug fixes

    • [ENG-8052] - Fixed an issue for unknown ConfigurationItem property xlrelease.Attachment.release. Release 10.0.9 release notes

    Bug fixes

    • [FI-892] - Fixed a permission issue with the Release's Script task—Folder > Edit Variables permission is no longer required to read/edit release variables.

    • [FI-912] - Fixed an issue with the Release CLI that caused problems with template export/import. Release 10.0.10 release notes

    Bug fixes

    • [FI-745] - Fixed the trigger consistency issue in clustered environment.
    • [FI-943] - Fixed the "" "/root/.postgresql/postgresql.crt" "read" reporting pool error.
    • [FI-963] - Deploy and Release are not susceptible to log4j vulnerability. Though Deploy and Release were bundled with log4j-to-slf4j and log4j-api files, these JAR files cannot be exploited. While neither these files nor Deploy and Release are susceptible to attack due to this log4j vulnerability, some threat detection systems may flag these files. To avoid any such false positive threat indications in future, the latest log4j library files (interface and supporting third party libraries) were bundled with both Release and Deploy. For more information, see Log4j Vulnerability to Zero-Day Exploit and Release and Deploy. Release 10.0.11 release notes

    Bug fixes

    • [ENG-8302] - Fixed an issue that prevented a release (that was created from a global template) from inheriting folder permissions.

    • [ENG-8545] - Fixed—You can now use variables in the Watchers field of release tasks.

    • [ENG-8812] - Deploy and Release are not susceptible to log4j vulnerability. Though Deploy and Release were bundled with log4j-to-slf4j and log4j-api files, these JAR files cannot be exploited. While neither these files nor Deploy and Release are susceptible to attack due to this log4j vulnerability, some threat detection systems may flag these files. To avoid any such false positive threat indications in future, the latest log4j library files (interface and supporting third party libraries) were bundled with both Release and Deploy. For more information, see this article.

    • [ENG-8952] - Fixed the missing index on XLR_FOLDER_VARIABLES (FOLDER_CI_UID).

    • [ENG-9015] - Fixed the incorrect Release component version in one of the database tables the XL_VERSION table.

      Important: If you are upgrading from one of the following Release versions, you must only upgrade to the latest patch release available for the version of Release you are upgrading to. For example, if you are on Release version 10.0.9 and planning to upgrade to the 10.3 version, you should upgrade to 10.3.8 or later versions of the 10.3 release. Here's the list of Release versions that are affected due this bug: Release 9.7.18, 9.7.19, 9.7.20, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.1.6, 10.1.7, 10.1.8, and 10.1.9. The fix for the bug is available on these versions: Release 9.7.21, 10.0.11, 10.1.10, 10.2.10, 10.3.8, and 22.0.1. Release 10.0.12 release notes

    Field Incidents

    • FI-859 — Fixed an issue with variable mapping in the Release properties that prevented users from selecting variables under the Run automated tasks as user field. Release 10.0.14 release notes

    Bug Fixes and Field Incidents

    Note: There is no Release version 10.0.13.

    • FI-1018 - Fixed an issue with the Create Release task where the changes to the variable properties (label, description, required Flag) of the release template were not reflecting correctly.
    • ENG-9397 - Fixed an issue where we were unable to apply YAML with the value provider in CRT variables.
    • ENG-9180 - Fixed an issue with the task-transition permission by removing it from Release Owners. Earlier this permission was available by default. Now it has to be configured.