Rate this page:
This changelog is the source of truth for all changes to the Bitbucket API and Bitbucket Connect API that affect people using Bitbucket Cloud and developing Bitbucket Cloud apps.
To ask any questions related to Bitbucket Cloud development please visit the Bitbucket Cloud developer community.
Bitbucket Forge apps will now provide the
workspaceId field, available within the context retrieved from the
getContext function. We’ve updated the
FullContext type to reflect this.
When a Bitbucket Forge app invokes the Forge resolver, it will also include the
workspaceId in the context.
Signing redirect URIs improves security by allowing developers to ensure authenticity and integrity of redirect requests. The JWT will include a query string hash (QSH) and is signed using the Connect app shared secret.
The QSH hashes the canonical request of the redirect (excluding the
jwt URL parameter), and can be used to verify URL parameters haven’t been tampered with. Verifying the JWT signature with your app’s secret will ensure the request originated from Bitbucket Cloud.
If you're parsing the query parameters on the redirect URI in a such a way that breaks on unexpected parameters, you will need to update your code so that the new
jwt parameter is handled or ignored.
To start validating installation redirects, follow the steps in Exposing a service from our authentication documentation.
We've improved the Forge CLI to better integrate with Bitbucket app development.
You can now install your app into Bitbucket using the
forge install command.
Additionally, we've introduced templates for the currently available Bitbucket modules. These can be used when creating new apps via the
forge create command.
We're working on enabling developers to build Bitbucket apps on Forge. In line with this, we're launching this Bitbucket integration under Forge's Early Access Program (EAP) through a series of modules, events, and APIs.
You can start using these capabilities to build apps and deploy them to any environment (including
PRODUCTION). Like all EAP features, these capabilities are still under active development, and as such are not supported. We strongly recommend that you exercise caution in deploying and using Bitbucket apps outside of test workspaces.
Forge apps can’t be installed on personal workspaces. You’ll have to install them on a shared Bitbucket team workspace.
forge lint --fix command can't apply scopes required any Bitbucket APIs called by your app.
We’re working on addressing this limitation for our next release milestone. If we fix them before then, we’ll announce it through the Forge changelog.
EDITS: we updated this changelog on the following dates by removing some limitations listed on our initial release.
Nov 24, 2023: Previously, you couldn’t distribute your Bitbucket Forge apps via the developer console. We’ve since addressed this limitation; you can now distribute Bitbucket apps on Forge via the installation link in the developer console. Refer to this changelog for more information.
Nov 20, 2023: We now feature several Forge templates you can use for your Bitbucket apps. Refer to this changelog for more information.
Bitbucket modules lists all available modules for your Forge apps.
Bitbucket events lists all events that your app can subscribe to.
The requestBitbucket section lists all the Bitbucket APIs that you can access through the https://developer.atlassian.com/platform/forge/runtime-reference/fetch-api/ .
We also published two tutorials for building Bitbucket apps using these capabilities:
We want to hear about your experience building Bitbucket apps on Forge! To report bugs or provide feedback on these EAP capabilities, visit the Bitbucket Cloud x Forge - EAP community group.
Bitbucket Pipelines operates in a Kubernetes-based infrastructure environment, and our internal execution environment leverages Containerd by default for all customers in a transparent manner.
A small number of users have been provisioned onto Docker based runtime infrastructure after a specific exemption was applied by Customer Support; it’s now time to retire that infrastructure.
A runtime change does not impact your ability to build containers using the Docker CLI, the primary impact is if you’re using out-of-date Docker tooling, or tooling that leverages deprecated Docker APIs
The Docker project has been committed to the Containerd project for a number of years Extending Docker’s Integration with containerd | Docker
Bitbucket Cloud now features Project and Workspace Access Tokens, which are similar to the recently released Repository Access Tokens, providing access to a single project or workspace and all the repositories under that resource. These tokens can be used to authenticate with Bitbucket APIs for scripting, CI/CD tools, Bitbucket Cloud-connected apps, and Bitbucket Cloud integrations.
Workspace admins can set a Project or Workspace Access Token’s access level through permission scopes during creation. Each token is linked to a project or workspace; preventing them from being used to access any repositories outside the specific project or workspace.
To start using Project Access Tokens, visit a Bitbucket Cloud project you have admin access to, and navigate to Project settings > Security > Access tokens. For Workspace Access Tokens, navigate to the Workspace view, then select Settings > Security > Access tokens.
For details, see:
On January 18, 2023, we'll be extending the length of API tokens for Atlassian accounts, API keys, and Repository Access Tokens. This ensures new tokens and keys generated after this date are more secure and reliable. Tokens and keys created before January 18, 2023 won’t be affected.
Bitbucket Cloud now features Repository Access Tokens, a new form of authentication that provides access to a single repository. These tokens can be used to authenticate with Bitbucket APIs for scripting, CI/CD tools, Bitbucket Cloud-connected apps, and Bitbucket Cloud integrations.
Repository admins can set a Repository Access Token’s access level through permission scopes during creation. Each token is linked to its repository, not a user or workspace; this prevents them from being used to access any other repositories or workspaces.
To start using Repository Access Tokens, select Repository Settings > Security > Access Tokens on your repository.
For more information, see:
Repository Access Tokens (Bitbucket Cloud documentation)
To support the development of a new feature, we're introducing a new subtype of the
Account definition called
App User into the Bitbucket Cloud API. After a 6-month deprecation period, ending on Feb 9, 2023, any API which documents an
Account type can start returning
App User objects, along with the currently expected
Read more about the impact of the changes here: https://developer.atlassian.com/cloud/bitbucket/announcement-introducing-app-user/
Bitbucket is deprecating support for Personal Connect apps on January 1, 2023. This is an uncommon type of Connect app that installs into a user’s personal account rather than the workspace.
Below you can find more information about this change, as well as steps to update your app.
Personal Connect apps are a type of Bitbucket Connect app that is installed into the user’s personal account - as opposed to the typical Connect app that is installed into a Bitbucket workspace. As such, Personal Connect apps ‘follow’ users around as they navigate content across different workspaces.
From January 1, 2023, Bitbucket will no longer support Personal Connect apps. Their installation will be blocked. Soon after, Personal Connect apps will be removed from users' accounts. After this, the only valid Bitbucket Connect context type will be “account”.
This is part of an ongoing effort to give workspace admins more control over which integrations can access their data. Additionally, simplifying our Connect framework will help us create and roll out new features to customers faster.
If you're an app developer that maintains a personal Connect app, we suggest converting your app into a workspace Connect app. This will effectively reduce the reach of your app to the workspace of the user, rather than any workspace that the user can access.
In order to do this, you will need to update your Connect descriptor to change its
"contexts" attribute from
["account"]. This change will then be applied to new installations of your app.
To apply this change to existing installations you have 2 options:
Your users can apply the change manually, if they update your app through the “Installed Apps” section under workspace settings.
Alternatively, you can apply this change to all of your existing installations by updating each installation through the REST API. You can find more info at https://developer.atlassian.com/cloud/bitbucket/rest/api-group-addon/#api-addon-put.
As a user, check if any of your installed apps are “personal” apps by navigating to your workspace settings > Apps and Features > Installed Apps. For each app you can see the installation context (
You can also contact your app vendor to learn more about the recommended upgrade path.