Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.5.0, 7.8.0
-
7.05
-
5
-
Severity 2 - Major
-
0
-
Description
Summary
Plugins/apps with expired maintenance terms can still be updated to newer versions.
After investigation (on Jira 7.5 and latest UPM version), we’ve got to the conclusion that Jira caches the status of the licenses and does not clear this cache when add-ons are upgraded/disabled/enabled.
Steps to Reproduce
Given:
- Version A of our add-on, released on 2017-07-07
- A commercial license with support expiring on 2017-08-26
- Version B of our add-on, released on 2017-11-17
- install version A of the add-on
- apply the commercial license: add-on works correctly (OK)
- upgrade the add-on to the version B: add-on still works correctly (NOK. The license maintenance expired before the release of version B, there should have been an error LicenseError.VERSION_MISMATCH)
Expected Results
The license maintenance expired before the release of version B, there should have been an error LicenseError.VERSION_MISMATCH. (See docs)
Actual Results
You can upgrade the app even if the maintenance of you license has expired and the new version of the app has been released after the maintenance expiration date.
Notes
- If we simply disable/enable the add-on, then the license works as if it was valid (cache not cleared, pluginLicense.isValid() returns true) and this is not ok.
- If we restart the Jira instance, then Jira detects the invalid license and everything is handled correctly (meaning the add-on does not work anymore, pluginLicense.isValid() returns false).
- Or, if in our add-on we do, during startup:
eventPublisher.publish(new ClearCacheEvent(Collections.emptyMap()));
all the caches are cleared and the add-on detects correctly that the license is invalid (pluginLicense.isValid() returns false).
I believe every marketplace vendor uses the same api for license check. The way this work I believe it's possible to upgrade any add-on even if the maintenance is expired and the release date of the new version is after the maintenance expiration date. So I think this impacts all the server vendors.
We have also reported this on the developer community: https://community.developer.atlassian.com/t/jira-license-licensemanager-cache-is-not-cleared-when-the-add-ons-are-upgraded-disabled-enabled/13372
Attachments
Issue Links
- relates to
-
DEVHELP-901 Loading...