Velocity Allowlist Issues

Summary

Recent versions of Jira (10.x.x) and Confluence (9.x.x) add a Velocity Allowlist. As a result, methods used within the User Interface and Templates must be added to an Allowlist within our plugins. This also affects Email Notification Templates, as all methods/contexts found within the Velocity Context must be within the Velocity Allowlist.

Identifying if impacted

There are two ways to know if you have encountered a Velocity Allowlist problem.

1) Items within the User Interface/Notification Template not rendering

If an item within the User Interface does not render, the underlying Velocity code is rendered on the screen instead, which looks like the following:

User Interface: [screenshot]

Notification Template: [screenshot]

2) Log Messages when a Non-Allowlisted method is used

When a Non-Allowlisted Velocity method is used, a Log Message is added to atlassian-jira.log/atlassian-confluence.log, which looks like the following:

[velocity] Invocation blocked as method is not allowlisted: com.javahollic.jira.emh.service.cache.JEMHCachedTemplate#getName()
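
To collect every blocked method in one pass before contacting support, the log can be scanned for the message above. This is an added example, not part of the original page or the vendor's tooling; the log-line prefix (timestamp, level), the `com.example.other.ExampleHelper` entry and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Message text copied from the log line shown above. Everything before it
# (timestamp, thread, level) varies by install, so match anywhere in the line.
BLOCKED = re.compile(
    r"\[velocity\] Invocation blocked as method is not allowlisted: "
    r"(?P<cls>[\w.$]+)#(?P<method>\w+)\((?P<args>[^)]*)\)"
)

def blocked_methods(lines, package_prefix=""):
    """Count each distinct blocked Class#method(args), optionally for one package only."""
    counts = Counter()
    for line in lines:
        m = BLOCKED.search(line)
        if m and m["cls"].startswith(package_prefix):
            counts[f'{m["cls"]}#{m["method"]}({m["args"]})'] += 1
    return counts

def support_summary(counts):
    """One line per method, most frequent first, ready to paste into a support request."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{n:>4}x  {sig}" for sig, n in ordered]

# Constructed sample: only the JEMHCachedTemplate message comes from this page.
# The timestamps, the unrelated line and ExampleHelper#render are made up.
SAMPLE_LOG = """\
2025-05-13 16:40:01,101 WARN [velocity] Invocation blocked as method is not allowlisted: com.javahollic.jira.emh.service.cache.JEMHCachedTemplate#getName()
2025-05-13 16:40:01,250 INFO Some unrelated startup message
2025-05-13 16:40:02,007 WARN [velocity] Invocation blocked as method is not allowlisted: com.javahollic.jira.emh.service.cache.JEMHCachedTemplate#getName()
2025-05-13 16:40:03,412 WARN [velocity] Invocation blocked as method is not allowlisted: com.example.other.ExampleHelper#render(java.lang.String)
""".splitlines()

if __name__ == "__main__":
    # In practice: lines = open("atlassian-jira.log", errors="replace")
    for row in support_summary(blocked_methods(SAMPLE_LOG, "com.javahollic.")):
        print(row)
```

Filtering by package prefix separates blocked methods that belong to one app from those raised by other apps or custom templates.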

 

What to do if this is seen within our plugins

If this is seen within our app, we recommend contacting our support with a screenshot of the issue, as it indicates that a method has not been Allowlisted and that the Allowlist within our app needs to be updated.

You can contact support by either emailing support@thepluginpeople.com or using our support Portal: https://thepluginpeople.atlassian.net/servicedesk/customer/portal/1

Template Velocity Context Issues

Within the JEMH Velocity Context for Templates, there are a lot of contexts that Atlassian provides. Since the introduction of the Velocity Allowlist, some of these contexts/methods are no longer usable within JEMH Templates, as Atlassian has either removed them or not Allowlisted them.

Below is a table of Broken Contexts/Methods and an alternative to use if one has been found.

| # | Broken Context/Method | Alternative Context/Method |
|---|---|---|
| 1 | $issue.getCustomFieldValue($aCustomField) | $customFieldUtils.getCustomFieldValue($issue, $aCustomField) |