We’re introducing a change in the dependency injection engine for Jira Data Center. We’re removing the Pico technology and standardizing on Spring across the board. This change is designed to have no impact on P2 plugins or change the composition of services available in OSGi. Additionally, we’ve ensured that ComponentAccessor maintains its existing contract.
The plugin system, and you, have been using Spring for over a decade. This update didn’t require any changes in any of our in-house bundled apps, the Jira Software application, or the Jira Service Management application. This gives us confidence that this change is safe to roll out. However, we want to share the result of this update with you as soon as possible.
Also note that we’re in the process of wiping out Pico explicit code from the internal com.atlassian.jira.component.pico package and some of these changes are still pending.
Timeline
We aim to ship this change in Jira Data Center 10.4.0 which is scheduled for the second half of January 2025. You can expect an EAP build very shortly. We’re eager to hear whether there are any unintended side effects in your apps.
Make sure to mention me directly in your response and I’ll be monitoring this thread very closely.
Thank you for the question. This EAP is prior to our feature freeze for 10.4, there will be one once we get there, with the regular changelog. I have rushed the EAP exposure of this particular change, because my team cares a lot about removing old tech where we can.
The Pico migration to Spring in the Core was to cause no effect on P2 plugins, and the purpose of this EAP is to gather as much feedback as we can about this change, even though nothing in the API surface has changed… We intended this blogpost to be where the EAP documentation link points to, but it seems we didn’t do a very good job at it
can you check this artifact → com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1, it is not available
Jira 10.4.0-m0001 (and 10.3.1)
Downloading from maven-central: https://repo1.maven.org/maven2/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from atlassian-proxy: https://packages.atlassian.com/artifactory/maven-atlassian-all/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from terracotta: https://repo.terracotta.org/maven2/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from gradle-plugins: https://plugins.gradle.org/m2/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from mulesoft: https://maven.anypoint.mulesoft.com/api/v1/maven/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from aspose: https://releases.aspose.com/java/repo/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from clojars: https://clojars.org/repo/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from sonatype forge: https://repository.sonatype.org/content/repositories/forge/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from mulesoft-releases: https://repository.mulesoft.org/releases/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from mulesoft-public: https://repository.mulesoft.org/nexus/content/repositories/public/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from typesafe: https://repo.typesafe.com/typesafe/releases/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from jenkins-releases: https://repo.jenkins-ci.org/releases/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from maven-atlassian-all: https://packages.atlassian.com/mvn/maven-atlassian-all/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
Downloading from central: https://repo.maven.apache.org/maven2/com/atlassian/velocity/htmlsafe/velocity-htmlsafe/5.0.1/velocity-htmlsafe-5.0.1.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11.928 s
[INFO] Finished at: 2024-12-21T09:17:33+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project testproject: Could not resolve dependencies for project com.itlab.jira.plugins:testproject:atlassian-plugin:5.32.1-SNAPSHOT
[ERROR] dependency: com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 (provided)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in maven-central (https://repo1.maven.org/maven2/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in atlassian-proxy (https://packages.atlassian.com/artifactory/maven-atlassian-all/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in terracotta (https://repo.terracotta.org/maven2/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in gradle-plugins (https://plugins.gradle.org/m2/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in mulesoft (https://maven.anypoint.mulesoft.com/api/v1/maven/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in aspose (https://releases.aspose.com/java/repo/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in clojars (https://clojars.org/repo/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in sonatype forge (https://repository.sonatype.org/content/repositories/forge/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in mulesoft-releases (https://repository.mulesoft.org/releases/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in mulesoft-public (https://repository.mulesoft.org/nexus/content/repositories/public/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in typesafe (https://repo.typesafe.com/typesafe/releases/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in jenkins-releases (https://repo.jenkins-ci.org/releases/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in maven-atlassian-all (https://packages.atlassian.com/mvn/maven-atlassian-all/)
[ERROR] Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 in central (https://repo.maven.apache.org/maven2)
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR] Failed to execute goal on project foo-plugin: Could not resolve dependencies for
project io.foo-plugin:atlassian-plugin:3.1.0: The following artifacts could not be resolved:
com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1 (absent):
Could not find artifact com.atlassian.velocity.htmlsafe:velocity-htmlsafe:jar:5.0.1
in atlassian-public (https://maven.atlassian.com/repository/public) -> [Help 1]
I’ve taken a look at ScriptRunner to see if we have any references to Pico, surprisingly we do! Our internal usages appear to just be historical cruft, I am confident they can either be removed or replaced with an alternative, this doesn’t concern me.
What does concern me is the theoretical presence of references to Pico in customer scripts, this seems unlikely but ScriptRunner has been around a long time, it’s quite possible it will have leaked in at some point.
Given that 10.4 is not a major release, I would prefer if com.atlassian.jira.component.pico.ComponentManager removal was pushed out to Jira 11, which isn’t that far away in the grand scheme of things.
Overall I think that this is probably relatively low risk for us and our mutual customers, however I would sleep better at night if these changes landed in a major release and not a minor.
We intended this blogpost to be where the EAP documentation link points to, but it seems we didn’t do a very good job at it 
