What is changing?
We have just deprecated a number of obsolete download attachment and thumbnail APIs. The following APIs will be removed and replaced in Jira Cloud:
thank you for the notification. May I ask what’s the reason to deprecate this already after 3 months instead of the usual 6 months as stated in your deprecation policy?
Hi @matthias ,
We’ve chosen to deprecate this in 3 months rather than our usual 6 months as OAuth scopes are not correctly enforced on these APIs and the use of user-generated content within the URI as part of the attachment name leaves a larger surface area for exploitable vulnerabilities. To ensure we close security gaps within an acceptable timeframe, we’ve chosen to shorten the deprecation period.
These APIs also do not come under the standard deprecation policy as they are not officially supported as part of our public REST API documentation
However, we understand the deprecated APIs have existed for a long time so we would like to give consumers ample time to migrate to the new endpoints. If for any reason there are unexpected issues with migration, we are happy to revisit the 3-month deprecation period.