RFCs are a way for Atlassian to share what we’re working on with our valued developer community.
It’s a document for building shared understanding of a topic. It expresses a technical solution, but can also communicate how it should be built or even document standards. The most important aspect of an RFC is that a written specification facilitates feedback and drives consensus. It’s not a tool for approving or committing to ideas, but more so a collaborative practice to shape an idea and to find serious flaws early.
Please respect our community guidelines: keep it welcoming and safe by commenting on the idea not the people (especially the author); keep it tidy by keeping on topic; empower the community by keeping comments constructive. Thanks!
Project summary
We’re deprecating both the LESS web-resource transformer and the LESS Maven plugin. They’ll be removed in all of our Data Center products in their next major versions: Jira Software 11, Jira Service Management 11, Confluence 10, Bitbucket 11, Bamboo 11, and a Crowd version to be released by the end of FY25.
We built this in 2012 when the frontend development landscape was different. At the time, CSS didn’t have variables yet, which we needed to build the Look and Feel features.
We recommend you replace the runtime transformation of LESS files with build-time compilation or move to native CSS altogether where applicable.
Solution
We’re updating Look and Feel to use CSS variables, and all styles will either be CSS or compiled to CSS at build-time. We’re also removing LESS compilation from Java build and runtime. You can continue to use LESS or any other CSS pre-processor at build-time.
With these changes, we’re aiming to enhance the security, performance, and developer experience of the Data Center products. Here’s the full list of benefits this solution will bring:
Security
- Eliminate a path for potential remote code execution vulnerabilities by removing the runtime processing of user-generated content processing.
- Reduce the exposure to vulnerabilities in LESS, Rhino, and their transitive dependencies.
Performance
- Boost runtime performance by compiling styles at build-time rather than when served.
- jira only Boost startup times by removing the LESS cache warmup system.
Developer experience
- Support for modern CSS and LESS features.
- Seeing the result of the compilation without launching the product.
- Removal of bugs stemming from the use of the Rhino compatibility layer and Atlassian patches to LESS.
Recommendations
To make sure you’re prepared in advance, we recommend you:
- Replace the existing Look and Feel LESS variables with their replacement CSS variable.
- Remove usage of runtime LESS transformation and the Maven plugin by either:
- Converting the LESS files to CSS. Now that our supported browsers support CSS nesting and variables, there are few reasons to continue using LESS.
- Introducing the build-time step for compiling the LESS files. We recommend using the official LESS compiler hosted on NPM but you’re free to use any approach that makes sense in the circumstances.
Asks
While we’re happy to get any feedback on this RFC, we’re particularly hoping to get insights on:
- Anything you’d like to see to make the migration easier.
- Any hard blockers to migration you can think of.