This page contains announcements and updates for developers from various products, platforms, and programs across Atlassian. It includes filter controls to make it easier to only see updates relevant to you.
To ensure you don’t miss any updates, we also provide RSS feeds. These feeds will take on any filters you applied to the page, and are a standardized way of keeping up-to-date with Atlassian changes for developers. For example, in Slack with the RSS app installed, you can type /feed <FEED URL> in any channel, and RSS updates will appear in that channel as they are posted.
Bitbucket Cloud is transitioning to API tokens to enhance security. As part of this transition, app passwords will be fully deprecated on Jul 28, 2026. To help you identify and migrate any remaining usage before the final removal, we are running a series of controlled brownouts starting Jun 9, 2026.
What’s changing:
During each brownout window, API requests authenticated using app passwords will fail with an HTTP 401 while Git-over-HTTPS operations authenticated using app passwords will fail with an HTTP 410.
What you need to do:
You must migrate to API tokens before Jul 28, 2026. API tokens offer improved security, expiration controls, and centralized management.
To create and use an API token:
Select your Profile icon, then select Account settings.
Select Security, then Create and manage API tokens, and then select Create API token.
Select Create API token with scopes.
Name the token, set an expiry date, select Bitbucket as the app.
Assign the necessary scopes and save the token.
Update your integration credentials, CI/CD pipelines, and local Git configurations with the new API token.
For detailed guidance, see the API token documentation.
Dates | Brownout duration per window | Brownout window start times (UTC) |
|---|---|---|
Jun 09, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 10, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 11, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 12, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 13, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 14, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 15, 2026 | 15 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 16, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 17, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 18, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 19, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 20, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 21, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 22, 2026 | 30 minutes | 00:00, 06:00, 12:00, 18:00 |
Jun 23, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 24, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 25, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 26, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 27, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 28, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 29, 2026 | 1 hour | 00:00, 06:00, 12:00, 18:00 |
Jun 30, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 01, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 02, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 03, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 04, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 05, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 06, 2026 | 2 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 07, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 08, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 09, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 10, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 11, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 12, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 13, 2026 | 3 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 14, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 15, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 16, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 17, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 18, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 19, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 20, 2026 | 4 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 21, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 22, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 23, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 24, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 25, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 26, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 27, 2026 | 5 hours | 00:00, 06:00, 12:00, 18:00 |
Jul 28, 2026 | Final removal |
|
As recently announced in Raising the bar on Marketplace cloud app security: together we are updating the Marketplace Security Bug Fix Policy to shorten vulnerability remediation timelines for Marketplace cloud apps. These changes ensure a higher security standard across our ecosystem.
What’s changing
The remediation Service Level Objectives (SLOs) for Marketplace cloud apps are being shortened. The timelines for Data Center apps remain unchanged.
Updated Cloud App SLOs (Enforceable September 1, 2026):
Critical: 10 days
High: 4 weeks
Medium: 12 weeks
Low: 25 weeks
Data Center App SLOs (Unchanged):
Critical: 12 weeks
High: 12 weeks
Medium: 12 weeks
Low: 25 weeks
Additionally, we have published the Marketplace Security Enforcement Policy, a consolidated source of truth for marketplace security compliance expectations, including vulnerability management, OAuth compliance, partner verification, bug bounty participation, and incident response.
What you need to do
Review the new timelines: Ensure your internal processes are updated to meet the new cloud app SLOs by September 1, 2026.
Check your tickets: We have corrected an issue where some AMS Data Center tickets incorrectly showed cloud remediation dates. If you believe a ticket still has an incorrect date, please raise an ECOHELP ticket.
Watch the policy page: The Marketplace Security Enforcement Policy is a living document, we recommend "watching" the page for future updates.
The useFlags() hook returned from FlagsProvider (in @atlaskit/flag) now exposes a new hideFlag(id) method on its API, allowing consumers to dismiss a previously shown flag by its id at any time — without needing to retain the DismissFn originally returned by showFlag().
This unlocks programmatic dismissal of flags from side-effects such as route changes, network responses, or parent unmounts, where holding onto the original DismissFn is impractical.
Migration: This is a backwards-compatible addition. Existing code using the DismissFn returned by showFlag() continues to work unchanged.
See the @atlaskit/flag examples on atlassian.design for usage.
Example usage
1
2
3
4
5
6
7
const { showFlag, hideFlag } = useFlags();
// Show a flag.
showFlag({ id: 'my-flag', title: 'Saved', icon: <SuccessIcon /> });
// Later, dismiss it programmatically from anywhere.
hideFlag('my-flag');hideFlag is a no-op if no flag with the given id is currently shown.
We are adjusting how some JQL features behave to keep search fast and reliable. Queries using functions membersof() and aqlFunction() that expand to very large sets will return an error identifying the clause to adjust. For comments, worklogs, and issue history (searches using operators WAS or CHANGED), JQL searches cover only the most recent entries per issue.
Jira data and permissions are unchanged.
Effective date: Aug 18, 2026
This update affects search behavior only. Group- and asset-based functions that fetch over 10,000 items will not run. Time-ordered content (comments, worklogs, history) remains available in Jira without any changes, but JQL operates on the most recent 1,000 items per issue. The table below lists the thresholds, what occurs, and how to adjust queries.
Function / clause | Threshold | What happens | How to mitigate |
|---|---|---|---|
| 10,000 matched assets per function | Query returns a clear error | Refine AQL/IQL; add selective criteria; split broad schemes. |
| 10,000 resolved users per function | Query returns a clear error | Use smaller groups; split umbrella groups; |
| 10,000 resolved users per function | Query returns a clear error | Reduce org size in queries; prefer labels/custom fields. |
Issue history (JQL using operators | 10,000 searchable changes per issue | Search covers the most recent changes only. | Rely on recent activity; use issue view/exports for older changes. |
Comments | 1,000 searchable comments per issue | Search covers the most recent comments only. | Rely on recent activity; use issue view/exports for older changes. |
Worklogs | 1,000 searchable worklogs per issue | Search covers the most recent worklogs only. | Rely on recent activity; use issue view/exports for older changes. |
Text field | First 50 characters used | Sorting uses only the first 50 characters. | Add sorting by updated/created or other fields. |
We are introducing rate limits for Forge Realtime to ensure the stability and reliability of the service for all apps.
What’s changing
Starting June 26, 2026, a rate limit of 50 requests per app installation per second will be enforced for Forge Realtime. For more information, see our rate limit documentation.
Based on our current telemetry, no existing Forge apps exceed this limit, so we do not expect any immediate impact on your app's performance. This change is a proactive measure to maintain service health.
What you need to do
Review your app's use of the Realtime Events API and Bridge API Realtime method to ensure your request frequency remains within the new limit.
If you anticipate needing a higher rate limit for a specific use case, please reach out via the developer support portal.
As Connect approaches end of support in December 2026, we are starting to roll out customer messaging in the admin experience to inform admins when an installed app runs on a soon to be unsupported platform, Connect. Following on from our previous announcement, this messaging will gradually rollout over the next week to be live in production for non-public apps only and is scoped to the admin experience, end users will not see any notices at this stage.
On Jun 2, 2026, we will enable customer messaging on Developer Canary tenants for public apps. This will include notices in admin facing experiences so enrolled partners can preview the exact messaging their customers will see and have the chance to adopt the new connectToForgeMigration module in their manifest before it goes live in production.
If your app has yet to migrate fully to Forge (or has a migration plan), you can adopt the new connectToForgeMigration module in your Forge manifest (docs here). This module lets you provide a URL to your migration guidance, which will be surfaced directly in the messaging customers see, replacing the generic notice with app-specific information.
What you need to do:
If your app is in the Developer Canary Program, expect to see customer messaging on your canary tenants starting Jun 2, 2026.
Adopt the connectToForgeMigration module in your manifest to customise the guidance your customers will eventually see.
Production rollout for public apps is planned to start in July. You will receive at least one week's advance notice before that happens. There will be an extended rollout of this messaging across 3 months. From September onwards, all customers with apps installed that use any Connect modules will see this messaging.
The Forge CLI now supports specifying a limit when starting a bulk-upgrade workflow.
1
forge bulk-upgrade start --limit 100This limit can also specified in non-interactive mode.
1
forge bulk-upgrade start --non-interactive --from-version 2 --to-version 3 --limit 100If the limit parameter is not specified, the CLI will prompt you for a limit as part of its interactive flow.
The Forge CLI will also now indicate when the number of eligible installations exceeds the number that can be performed in a single workflow.
Forge LLMs will move from EAP to Preview on Jun 1, 2026, making it available to all Forge developers as a billable capability.
To ensure a clean cutover, EAP access will be disabled on May 29, 2026 at 00:00 UTC. From Jun 1, 2026 , all Forge LLM usage will be billed.
We are also deprecating the following older model versions, which will not be included in Preview:
claude-sonnet-4-20250514
claude-opus-4-1-20250805
claude-opus-4-5-20251101
What you need to do
• Review the Forge LLMs pricing to understand how credits and billing work.
• Ensure your apps are added to a developer space with active billing details to continue using Forge LLMs on June 1st.
For more information, see the Forge LLMs reference documentation.
We've introduced the Tile component for Forge UI Kit apps, now available in Preview. The Tile component is a rounded square container for displaying assets like emojis, or objects in a consistent, styled way.
The component supports various sizes (from 16px to 48px), customizable background colors using design tokens, optional borders, and adjustable internal padding for different asset types including third-party logos.
For implementation details and examples, see the Tile component documentation.
The Forge CLI downloads app templates from a CDN when running forge create. As part of our ongoing security and reliability improvements, this CDN URL is being deprecated and replaced with a new one.
What's changing:
Old URL (deprecated): https://forge-templates.us-west-2.prod.public.atl-paas.net/
New URL: https://forge-templates-bifrost.prod-east.frontend.public.atl-paas.net/assets/
When:
Effective from @forge/cli@12.20.1: the CLI fetches templates from the new URL.
End of support for old URL: 2026-11-26 (6-month deprecation period, per the Forge deprecation policy).
Who is affected:
Developers running Forge CLI versions older than 12.20.1 that reference the legacy templates URL.
Enterprise environments with firewall allow-lists that include the old CDN domain.
Action required:
Update your Forge CLI to @forge/cli@12.20.1 or later: npm install -g @forge/cli@latest
If you maintain a corporate firewall allow-list, add forge-templates-bifrost.prod-east.frontend.public.atl-paas.net to your permitted domains. You can safely remove forge-templates.us-west-2.prod.public.atl-paas.net after 2026-11-26. Refer to Use the Forge CLI on a corporate network for the full list of required outbound connections.
No changes to app code or manifests are required.
More details: Use the Forge CLI on a corporate network
New UI Kit components for managing file upload are now in preview:
File picker: allows the user to select files stored locally.
File card: displays information about a file (including name, type, and size); this can be used to managed selected files and displaying upload progress.
See how to implement these in our example app.
A new RFC is ready for review at RFC-136
The new headingLevel prop for @atlaskit/section-message will allow for a more accessible heading structure when using the title prop. See the W3C headings page for more information on how to nest headings correctly.
We're introducing three new APIs that let org admins programmatically manage approved-domain app access settings: App access settings.
These APIs complement the existing read-only endpoints in the same group, closing the gap for customers who manage many orgs or want to script onboarding/offboarding flows that previously required the Admin Hub UI.
POST /admin/v2/orgs/{orgId}/app-access-settings/domains — Register a new approved domain for the org, optionally with an initial set of product configurations.
PUT /admin/v2/orgs/{orgId}/app-access-settings/domains/{domain} — Replace the per-product configuration on an existing domain (full replace; products not in the request body are removed).
POST /admin/v2/orgs/{orgId}/app-access-settings/domains/{domain}/products — Add or update a single product configuration on a domain, leaving any other products on that domain untouched.
All three endpoints accept and return the same AppAccessSettingsDomainDetail shape used by the existing GETs.
Same as the existing GETs: OAuth scopes manage:org-data:atlassian-admin (or equivalent admin scope), or Atlassian API tokens with the org-admin role.
Shared per-org budget with the existing GETs.
Fully additive. No existing endpoints, fields, or behaviours are changed.
Rate this page: