This page contains announcements and updates for developers from various products, platforms, and programs across Atlassian. It includes filter controls to make it easier to only see updates relevant to you.
To ensure you don’t miss any updates, we also provide RSS feeds. These feeds will take on any filters you applied to the page, and are a standardized way of keeping up-to-date with Atlassian changes for developers. For example, in Slack with the RSS app installed, you can type /feed <FEED URL> in any channel, and RSS updates will appear in that channel as they are posted.
Support for Claude Sonnet 4.6 model is now available in Forge LLMs. For the exhaustive list of supported models, refer to our documentation here
What's changing
The legacy storage module has been removed from the @forge/api package. This follows the deprecation notice issued in Dec 1, 2025.
Starting today, any apps still using import { storage } from '@forge/api' will fail to build or run, as this export is no longer available.
What you need to do
If your app still uses the legacy storage module, you must migrate to the @forge/kvs package immediately to avoid service disruption.
Install the @forge/kvs package: npm install @forge/kvs
Update your imports from import { storage } from '@forge/api' to import { storage } from '@forge/kvs'
Deploy the updated version of your app.
For detailed instructions, refer to the KVS migration guide. You can also use the Forge CLI linting tool to identify any remaining references to the deprecated module.
Forge packages now ship TypeScript 5-compatible type declarations and declare an optional peer dependency on typescript >= 5.0.0.
What's changing
TypeScript 4 compatibility is not guaranteed in future releases.
An optional peer dependency on typescript >= 5.0.0 has been added to each package.
What you need to do
If you use TypeScript, and want to use the latest Forge package versions, upgrade to TypeScript 5:
In your project, run: npm install typescript@^5.0.0 --save-dev
Update your Forge package dependencies to the latest major version.
Review your tsconfig.json for any TypeScript 5-specific settings you may want to enable.
Re-build and test your app.
Forge Object Store and front-end `useObjectStore` hook is now available in Preview. Forge Object Store EAP is now closed.
The Preview release provides improvements to pre-signed links and adds CDN support. The service will be available to all developers as a billable capability, starting on Jul 1, 2026.
Please review the available documentation, ‘useObjectStore’ documentation and pricing information to get started with Forge Object Store, including assessing all of the current limitations of the service.
Forge Object Store EAP environment will be decommissioned, and all relevant data will be deleted, from Jul 20, 2026. EAP participants will need to transition relevant apps to use Preview capability.
Following the deprecation announcement last year, access to the old workflow editor will be removed for all customers starting July 13, 2026.
What you need to do
Review your apps: If you own workflow-related apps, ensure your rules provide a high quality experience in the new editor.
Implement rule descriptions: We recommend providing dynamic configuration descriptions for Forge and Connect workflow rules. This helps admins understand your app's rules at a glance within the new editor.
Test and report issues: If you encounter any behavior issues in the new workflow editor, please raise a support ticket.
For more details refer to the community announcement.
The Developer Space Insights dashboard gives you an aggregated view of log volume, errors, alerts, performance, and cost data across your Forge apps — helping you quickly identify which apps need attention.
Access it by selecting Insights from the navigation menu in your Developer Space. The dashboard includes seven charts (showing top 3 apps where applicable), and clicking any app in a chart takes you directly to its relevant monitoring view:
Log volume by level – Total log lines broken down by log level (INFO, WARN, ERROR, DEBUG).
Apps by error log volume – Apps ranked by error log count.
Open alerts by app – Apps with currently open alerts.
Apps by invocation errors – Apps ranked by invocation errors.
Apps by latency – Apps ranked by response latency.
Apps by invocation count – Apps ranked by invocation count.
Top apps by resource usage – Apps ranked by Forge usage based cost.
All Developer Space roles (Admin, Developer, and Viewer) can access the Insights dashboard. For more information, see Developer Space Insights dashboard.
The Workflow Search API now supports a new optional projectId query parameter. When provided, the search returns only the workflows used by that project. You can combine it with the existing scope parameter, but the project must belong to the same scope you specify - otherwise no workflows are returned.
Quotes reporting is now available via Marketplace reporting APIs. We're introducing Quotes reporting to the Atlassian Marketplace reporting APIs. Partners can now programmatically retrieve their accepted quotes and export quotes data in bulk.
You can now access accepted-quote data for your apps through the reporting APIs:
List accepted quotes — a paginated list of accepted quotes for your apps, with filtering by product, creation date, acceptance date, and entitlement period.
Quote details — line-level detail for a single quote (including schedules and discounts), looked up by quoteId and/or quoteNumber.
Async export — initiate a bulk export of accepted quotes, poll its status, and download the resulting CSV/JSON file (recommended for large datasets).
The following endpoints are available for Quotes reporting.
Vendor (v2):
GET rest/2/vendors/{vendorId}/reporting/quotes(link)
GET rest/2/vendors/{vendorId}/reporting/quotes/details(link)
POST rest/2/vendors/{vendorId}/reporting/quotes/async/export(link)
GET rest/2/vendors/{vendorId}/reporting/quotes/async/export/{exportId}/status(link)
GET rest/2/vendors/{vendorId}/reporting/quotes/async/export/{exportId}(link)
Developer-space (v3):
GET rest/3/reporting/developer-space/{developerId}/quotes(link)
GET rest/3/reporting/developer-space/{developerId}/quotes/details(link)
POST rest/3/reporting/developer-space/{developerId}/quotes/async/export(link)
GET rest/3/reporting/developer-space/{developerId}/quotes/async/export/{exportId}/status(link)
GET rest/3/reporting/developer-space/{developerId}/quotes/async/export/{exportId}(link)
Key query parameters (list endpoint): productId, startDate, endDate, acceptedStartDate, acceptedEndDate, entitlementStartDate, entitlementEndDate, limit, offset.
Quote details: provide quoteId and/or quoteNumber (optionally entitlementNumber).
Async export: filter by createdStartDate/createdEndDate, acceptedStartDate/acceptedEndDate, entitlementStartDate/entitlementEndDate, and choose accept=csv or accept=json. At least one complete date range pair is required.
GET rest/3/reporting/developer-space/{developerId}/quotes?startDate=2025-01-01&endDate=2025-01-31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
{
"_links": {
"self": {
"href": "/rest/3/reporting/developer-space/{developerId}/quotes?startDate=2025-01-01&endDate=2025-01-31"
},
"query": {
"href": "/rest/3/reporting/developer-space/{developerId}/quotes{?productId*,startDate,endDate,acceptedStartDate,acceptedEndDate,entitlementStartDate,entitlementEndDate,limit,offset}",
"templated": true
},
"next": {
"href": "/rest/3/reporting/developer-space/{developerId}/quotes?startDate=2025-01-01&endDate=2025-01-31&offset=10&limit=10"
}
},
"quotes": [
{
"quoteId": "Q-12345",
"quoteNumber": "QT-000123",
"quoteStatus": "ACCEPTED",
"quoteCreatedDate": "2025-01-05",
"acceptedDate": "2025-01-10",
"quoteExpiryDate": "2025-02-05",
"entitlementNumber": "E-111-AAA-AAA-11A",
"productId": "acd011b1-1111-45bc-902a-247046a11111",
"productName": "Test App",
"appEdition": "Advanced",
"technicalContactCompany": "Test Company",
"technicalEmail": "test@example.com",
"startDate": "2025-02-01",
"endDate": "2026-02-01",
"userTier": 100,
"listPrice": 1200.00,
"discounts": [
{
"promotionId": "PROMO-1",
"amount": 120.00,
"percent": 10.0,
"reasonCode": "LOYALTY",
"type": "EXPERT",
"promoCode": "SAVE10"
}
],
"createdBy": "partner@example.com",
"vendorId": "1213041",
"productPlatform": "cloud",
"commerceSystem": "CART"
}
]
}No action is required to keep existing integrations working.
If you want to consume quotes data:
Use the vendor endpoints (/rest/2/vendors/{vendorId}/...) for vendor-scoped access, or the developer-space endpoints (/rest/3/reporting/developer-space/{developerId}/...) for developer-scoped access across all your apps.
For large result sets, prefer the async export flow (initiate → poll status → download) rather than the synchronous list endpoint.
New skill: forge-cost-optimizer – Analyzes your Forge app's resource usage and recommends optimizations to reduce invocation costs.
New skill: forge-security-review – Performs automated security checks against common vulnerabilities and Atlassian best practices before deployment.
New skill: forge-connector – Helps scaffold and configure connections between Forge apps and external services.
Updated: forge-app-review – Now provides a lightweight release-readiness review covering permissions, manifest hygiene, and common deployment blockers.
Codex support – Added Codex as an installation option for the plugin and individual skills.
If you're using the Forge AI Plugin, update to the latest version to access the new cost optimizer and security review features.
To install via Codex, follow the new Codex installation steps in the relevant skill or plugin docs.
We’ve released a preview of new modal sizing capabilities, giving you more control over how your app's modals appear and behave.
Custom pixel sizes: You can now pass specific width and height values in pixels to define the exact dimensions of your modal.
Runtime resizing: You can enable dynamic resizing by adding viewportSize: resizable to modal extension points in your manifest, or by passing resizable to the size prop in UI Kit and @forge/bridge modal.
What you need to do
As this feature is currently in preview, we encourage you to test these new configurations in your development environments:
For extension points: Update your manifest.yml to include the viewportSize: resizable attribute or viewportSize: { width, height } for relevant modules.
For UI Kit or Bridge: Update your modal calls to use supported css string values for width and height, or set the size prop to resizable.
For detailed implementation details, refer to the updated documentation:
As part of end of support for Connect app, we will be deprecating application property APIs.
When we reach Connect EOL, the following endpoints will be removed:
GET /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
PUT /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
DEL /repositories/{workspace}/{repo_slug}/commit/{commit}/properties/{app_key}/{property_name}
GET /repositories/{workspace}/{repo_slug}/properties/{app_key}/{property_name}
PUT /repositories/{workspace}/{repo_slug}/properties/{app_key}/{property_name}
DEL /repositories/{workspace}/{repo_slug}/properties/{app_key}/{property_name}
GET /repositories/{workspace}/{repo_slug}/pullrequests/{pullrequest_id}/properties/{app_key}/{property_name}
PUT /repositories/{workspace}/{repo_slug}/pullrequests/{pullrequest_id}/properties/{app_key}/{property_name}
DEL /repositories/{workspace}/{repo_slug}/pullrequests/{pullrequest_id}/properties/{app_key}/{property_name}
GET /users/{selected_user}/properties/{app_key}/{property_name}
PUT /users/{selected_user}/properties/{app_key}/{property_name}
DEL /users/{selected_user}/properties/{app_key}/{property_name}
We are updating the Marketplace Security Enforcement Policy to include new requirements for app lifecycle and maintenance. To ensure the Marketplace remains secure and trustworthy, all cloud apps must be actively maintained.
What's changing
To keep the Marketplace secure and trustworthy, every cloud app must be actively maintained. Apps that have not shipped a version update in more than 18 months will be considered unmaintained. These apps will be subject to review under the Cloud App Compliance program. While an unmaintained app is not automatically considered insecure, the 18-month mark serves as a mandatory lifecycle checkpoint. At this point, Atlassian will reassess whether the app continues to meet our security and compliance standards.
What you need to do
If your app is identified as unmaintained, you will be notified and given a defined window to either publish a compliant update or confirm your intent to maintain the listing.
Apps that are not brought back into compliance within that window may be hidden from the Marketplace and possibly subjected to actions detailed in our Marketplace Security Enforcement Policy
For apps with active installs, we will provide a transition period and notify affected customers before any removal. Limited, time-bound exceptions may be granted where justified.
For more details, see the Marketplace Security Enforcement Policy.
We've introduced a structured process for partners and Atlassian to jointly investigate security incidents affecting your app or the customer data it handles.
What's changing
Log sharing for Forge apps: Atlassian can now share incident-scoped platform logs and app telemetry with you during an investigation. This provides the data you need to diagnose and resolve issues faster.
A single reporting path: You can now report security incidents through the new developer support portal form. This form serves as the shared record for both you and Atlassian.
What you need to do
Review the program overview page to understand eligibility and support levels.
Ensure your security contact information is up to date in the partner account to ensure you are ready before an incident occurs.
Resource-restricted tokens are now available for all developers creating new 3LO apps.
When creating a new OAuth 2.0 (3LO) app via the Developer Console, you can now opt in to resource-restricted tokens. This ensures that access tokens issued for your app are scoped to only the specific Atlassian site a user explicitly selects during consent rather than granting broad access across all sites.
The onboarding guide for Resource restricted apps is available here:
https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/#oauth-2.0-(3lo)-apps
Forge SQL now inspects every query submitted by your app before it reaches the database. Queries that contain restricted functions, statements, or syntax are rejected with a new SQL_POLICY_VIOLATION error code before execution.
We’ve implemented this new policy to enforce the following:
Stricter compliance with standard ANSI SQL syntax.
Pre-emptive protection against SQL-based resource exhaustion and exploits.
Stable, predictable performance across all Forge apps using SQL storage.
New error code: SQL_POLICY_VIOLATION
If your app submits a query that uses a restricted function or pattern, the @forge/sql package will return an error with a code, message, and suggestion field to help you resolve the violation.
Restricted functions and statements
The following are now monitored and may trigger rejection:
Functions: SLEEP(), BENCHMARK(), COMPRESS(), UNCOMPRESS(), AES_ENCRYPT(), AES_DECRYPT(), SHA2()
Statements: ALTER USER, LOCK TABLES, USE <table>
Patterns: Unsupported optimizer hints, SET GLOBAL/SET INSTANCE, most SHOW statements, SQL-level PREPARE/EXECUTE/DEALLOCATE PREPARE, and multi-statement queries.
A subset of SET, SHOW, USE and optimizer hints remain permitted. See the SQL query policy documentation for the full allowlist.
What you need to do
Review your queries: If your app uses any restricted functions or syntax patterns, those queries will now be rejected at runtime.
Update error handling: Check for errorCodes.SQL_POLICY_VIOLATION alongside existing error codes to handle rejections gracefully.
If your app requires a restricted function for a valid use case, request an exemption through the Developer Support portal with your app.id, the query, and the use case.
Rate this page: