This page includes release notes and updates for Compass app developers. Use this page to keep track of new features, upcoming changes and deprecation notices about the Compass developer platform and GraphQL API.
If you're new to building apps for Compass, check out Get started building Compass apps to begin your journey.
For updates about changes to the Forge platform, see the Forge changelog in the Forge documentation.
You may also be interested in the What's New blog for Atlassian Cloud where we announce new product features and other major changes affecting all users of Compass.
We are introducing baseline security requirements for Atlassian Government Cloud (AGC) apps, which will take effect on Mar 31, 2026. If you have any questions regarding these new standards, please contact us here: https://ecosystem.atlassian.net/servicedesk/customer/portal/34/group/109/create/579
We’re also publishing our annual update to the general Cloud App Security Requirements for 2026, which includes new provisions for AI security, data protection, and supply chain security. See More details for highlights on this update.
Key additions to the general Cloud App Security Requirements include:
AI Security: New requirements for apps using Forge Rovo actions and agents, including validating action inputs as untrusted, implementing permission checks for admin-level actions, and accurately configuring actionVerb values.
Data Protection:
External OAuth2 clients must use Forge's OAuth2 Providers and be configured as confidential clients where supported.
Application logs must strictly exclude PII, credentials, and sensitive data.
Apps must ensure strict tenant isolation during runtime.
Apps must not execute arbitrary code by spawning child processes (e.g., using Node.js child_process).
Application Security:
Apps using Forge SQL must use parameterized queries to mitigate SQL injection risks.
Updated guidance on Content Security Policy (CSP) regarding unsafe-inline and unsafe-eval directives.
Runtime Security:
Apps must not use EOL (end-of-life) Node.js runtimes.
We've introduced two new components to UI Kit, now available in Preview: AtlassianTile and AtlassianIcon. Use these components to display Atlassian object type icons—such as stories, tasks, epics, blogs, and more—with consistent styling that aligns with the Atlassian Design System.
Both components provide fixed color, size, and styling options for Atlassian object types. Any updates to icon or tile styling in the Atlassian Design System are automatically reflected in your app.
For implementation details and examples, see the Atlassian icon and Atlassian tile component documentation.
We’ve added a new rovo.isEnabled method to the Forge UI bridge API. This method returns a boolean indicating whether Rovo is enabled for the tenant. You can use it alongside the existing rovo.open method to conditionally invoke Rovo only when it’s available.
For more information, see the updated documentation for the Rovo bridge methods.
We've added optional height and width properties to the Frame component in UI Kit. Apps can now set explicit dimensions in pixels or percentages, instead of relying on automatic resizing. This gives you more control over your app's layout.
For more information, see the updated documentation for the Frame component.
You can now set custom colors for UI Kit Visualisation charts. You can either set a color theme or assign colors to attributes. This can be done by passing the prop colorPalette into your chart.
For an example of how to implement this, please see the Forge UI Kit example app at https://bitbucket.org/atlassian/ui-kit-charts-example/src/master/.
For more information, see documentation.
As announced in July 2025, a number of glyphs for the Icon component will now be removed.
The following UI Kit components are now generally available:
Comment, which displays discussions and user feedback.
Pressable, which is a primitive for building custom buttons.
CommentEditor, provides a contained comment editor UI with a simple toolbar.
ChromelessEditor, provides a simple text editor that does not have a toolbar.
For more information, see the component documentation.
To access these components, you will need to update your app to the latest version of @forge/react. In the terminal of your project directory, run:
npm install --save @forge/react@latest
Following the Preview release, the Forge Automation Actions is now generally available. The Automation action module allows you to extend the Automation Platform and add new Forge-based actions to your app. With this release Forge Actions can now output smart values, enabling seamless data flow and dynamic automation.
For more information, see the Forge Automation Action module documentation.
Forge platform will be undergoing maintenance in commercial production on November 23, 2025 for approximately 1 minute between 5:30-6:30am UTC
During this interval, below capabilities will not be available intermittently:
Create/update/delete apps
Deploy apps
Install/uninstall/upgrade apps
App invocations will continue to work for existing users of the apps. However, new customers might not be able to use apps as consent process will be impacted during this interval as well.
The ability to build Forge apps that are compatible with multiple Atlassian apps is now available in Preview. This feature allows you to declare compatibility in your app’s manifest and enables your app to be installed and used across Jira, Confluence, and Compass.
For more information, see App compatibility.
The following flows are available for testing in this Preview:
Create, deploy, and install an app via the CLI
Distribute the app via a direct distribution link
View and connect/disconnect compatible Atlassian apps in Connected Apps
Add the app to Marketplace
Important considerations:
Customer release (GA) is planned for the end of January 2025.
Until GA: We recommend keeping Marketplace apps private, as customer-facing changes are not yet available (admins currently only see the required app in the consent screen when installing).
For guidance on migrating existing apps, see our migration guidelines.
When defining resolvers, the front-end code can share the types with the backend so the invocation interface is type-safe. This helps catch potential errors during compilation.
Forge Automation Actions is now available in Preview. This feature allows you to extend the Automation Platform and add new Forge-based actions to your app. During Preview, the Automation Actions in your app can be used in production environments.
For more information, see the Forge Automation Action documentation and share your feedback to help us improve
Forge platform will be undergoing maintenance in commercial production on October 12, 2025 for approximately 1 minute between 3-4am UTC
During this interval, below capabilities will not be available intermittently:
Create/update/delete apps
Deploy apps
Install/uninstall/upgrade apps
App invocations will continue to work for existing users of the apps. However, new customers might not be able to use apps as consent process will be impacted during this interval as well.
Forge platform will be undergoing maintenance:
in FedRAMP production on September 21, 2025 between 5-6am UTC
in commercial production on September 28, 2025 between 5-6am UTC
During this interval, below capabilities will not be available intermittently:
Create/update/delete apps
Deploy apps
Install/uninstall/upgrade apps
App invocations will continue to work for existing users of the apps. However, new customers might not be able to use apps as consent process will be impacted during this interval as well.
The allow-popups attribute of the sandbox directive (content security policy) is now supported in Forge Custom UI and UI Kit apps when using * as your client egress configuration. This enables external content (such as those from 3rd party integrations) to open properly in new tabs instead of being blocked by browser security restrictions.
With this enhancement, external content will open in a new browser tab while keeping your Forge app running.
For more information, see the valid domain formats documentation.
Rate this page: