We’ve introduced a platform-level URL persistence and redirect feature for apps migrating from Connect to Forge. Jira and Confluence will now accept legacy Connect URLs (including full path, query parameters, and fragments) and transparently redirect them to the corresponding Forge app module. For more information on how it works, please see the documentation here.

You can now nominate genuine migration blockers or major customer‑impact risks via the “Request review” flow on FRGE issues.

This flow will allow us to triage and assess requests to address remaining blockers to Forge migration before Connect end of support in December 2026. We’ll review requests over 3 monthly cycles, then freeze decisions.

Please review for existing tickets before creating new FRGE tickets. You may also review the announcement.

Effective March 2, 2026, we are starting the phased enforcement of points-based quota rate limits for Jira and Confluence Cloud REST APIs. The rollout will begin with a small percentage of apps and gradually expand over several weeks, allowing us to closely monitor progress and minimize any disruption. API requests will start consuming points based on the work they perform, with app-level quotas applied consistently across two tiers:

1. Global Pool (Tier 1)

2. Per-Tenant Pool (Tier 2)

All Forge, Connect, and OAuth 2.0 (3LO) apps are in scope. API token-based traffic is not affected. The vast majority of apps are already operating well within these limits and will not be affected.

• To learn whether points-based quota enforcement has started for your app, inspect your API response headers. Quota-related headers with a Beta- prefix (e.g., Beta-RateLimit-Policy: "global-app-quota") indicate enforcement has not yet begun for your app. When enforcement begins, these transition to their non-prefixed equivalents (e.g., RateLimit-Policy: "global-app-quota").

• Jira REST APIs use multiple rate-limiting systems (quota, burst) that are transitioning to a unified structured headers(Beta-RateLimit, Beta-RateLimit-Policy)independently. The Beta- prefix on a header indicates that the system has not yet transitioned to production for your app. Use the policy name in the header (e.g., "global-app-quota" or "tenant-app-quota" for quota and for burst"jira-burst-based" ) to identify which system a header belongs to. Additional rate limit policy transitions to this unified header will be announced separately.

• We plan to discontinue sending quota rate limit values via the X-RateLimit-* headers in the future. A timeline will be published separately.

For full details on how points are calculated, quota tiers, unified header format and values, and best practices for handling rate limits, please refer to:

• Jira Cloud Platform rate limits

• Confluence Cloud rate limits

Following this deprecation announcement on Feb 17, 2026, the Connect Inspector Service is now decommissoned.

We recommend migrating to Atlassian Forge for a more robust Events model, as Atlassian Connect will reach end of support in December 2026.

Developers who still need similar functionality can use the open‑sourced version of the tool.

We are introducing baseline security requirements for Atlassian Government Cloud (AGC) apps, which will take effect on Mar 31, 2026. If you have any questions regarding these new standards, please contact us here: https://ecosystem.atlassian.net/servicedesk/customer/portal/34/group/109/create/579

We’re also publishing our annual update to the general Cloud App Security Requirements for 2026, which includes new provisions for AI security, data protection, and supply chain security. See More details for highlights on this update.

We've introduced two new components to UI Kit, now available in Preview: AtlassianTile and AtlassianIcon. Use these components to display Atlassian object type icons—such as stories, tasks, epics, blogs, and more—with consistent styling that aligns with the Atlassian Design System.

Both components provide fixed color, size, and styling options for Atlassian object types. Any updates to icon or tile styling in the Atlassian Design System are automatically reflected in your app.

For implementation details and examples, see the Atlassian icon and Atlassian tile component documentation.

The Connect Inspector service is moving to open source and also being deprecated. This service will no longer allow the creation of new temporary apps. Already registered temporary apps will stop recording new events, and old events will be deleted. Any apps already installed on developer sites will not be uninstalled.

We previously announced on 18 December 2025 that the cleanHistory field in the Confluence Content Redaction APIs would be deprecated on 30 June 2026, and that the field would move from required to optional.

After further review, we’ve decided not to proceed with this deprecation. The cleanHistory field will not be deprecated at this time, and the field will remain optional. The behavior of the Content Redaction APIs remains unchanged.

• The deprecation of the cleanHistory field previously announced in 18 December 2025 is no longer happening.

• The cleanHistory field will continue to be supported in the Confluence Page and Blogpost Redaction APIs.

• We are not making any breaking changes to how redaction requests are processed.

• Existing implementations that include the cleanHistory field will continue to work as they did before the deprecation announcement.

• You do not need to change how you call the Content Redaction APIs as a result of the previously announced deprecation.

• If you already updated your integration to treat cleanHistory as optional or removed it from requests, those implementations will continue to function, but these changes are no longer required.

No action is required at this time. If we decide to revisit this deprecation in the future, we’ll provide advance notice and clear migration guidance via the Confluence Cloud changelog.

We’ve added a new rovo.isEnabled method to the Forge UI bridge API. This method returns a boolean indicating whether Rovo is enabled for the tenant. You can use it alongside the existing rovo.open method to conditionally invoke Rovo only when it’s available.

For more information, see the updated documentation for the Rovo bridge methods.

We've added optional height and width properties to the Frame component in UI Kit. Apps can now set explicit dimensions in pixels or percentages, instead of relying on automatic resizing. This gives you more control over your app's layout.

For more information, see the updated documentation for the Frame component.

We're introducing new Beta rate-limit headers on Jira and Confluence REST APIs for points-based quota limits. These headers follow a unified, structured model aligned with standards on rate-limiting headers. They are informational only, they do not trigger enforcement or throttling. They are additive, and existing X-RateLimit-* headers continue to be returned.

• Beta-RateLimit-Policy – policy definition

  • A static header that describes the rate-limit policy applied to the request.

Example: Beta-RateLimit-Policy: "global-app-quota";q=65000;w=3600

• Beta-RateLimit – per‑response usage

  • A dynamic response header that provides usage signals for applicable rate-limit policies

    • Example: Beta-RateLimit: "global-app-quota";r=13000;t=600

When these two headers are returned without the Beta- prefix (RateLimit, RateLimit-Policy), points-based quota limits are actively enforced, and requests may be rate limited. For points-based quota enforcement, only RateLimit and RateLimit-Policy are used , the existing X-Beta-RateLimit-* and X-RateLimit-* headers will not be used. Standard HTTP headers such as Retry-After continue to apply where relevant.

For full details, including policy definitions and usage semantics, see the Jira Rate Limiting documentation here https://developer.atlassian.com/cloud/jira/platform/rate-limiting/ and Confluence Cloud Rate Limiting documentation here https://developer.atlassian.com/cloud/confluence/rate-limiting/

You can now set custom colors for UI Kit Visualisation charts. You can either set a color theme or assign colors to attributes. This can be done by passing the prop colorPalette into your chart.

For an example of how to implement this, please see the Forge UI Kit example app at https://bitbucket.org/atlassian/ui-kit-charts-example/src/master/.

For more information, see documentation.

We are extending the deprecation period of the Convert content body v1 REST API in Confluence Cloud to Aug 5, 2026 .

This API was originally scheduled for removal on Feb 1, 2026. We also advised that affected developers use the Asynchronously convert content body endpoint instead. However, we’ve discovered some issues that may prevent them from doing so (please refer to CONFCLOUD-82501 for details and updates on this).

We expect to have all related issues addressed before this new deprecation period ends.

Forge app REST APIs let your app expose its own HTTP endpoints so that external systems can call your app code running on Forge.

These Forge app REST APIs are secured with developer-defined scopes and use 3LO (OAuth 2.0) for authentication and authorization. You define the endpoints in your app manifest using the apiRoute module.

This capability is currently in Preview and is available for Jira and Confluence Forge apps. This is currently not available in Isolated Cloud.

We are extending the deprecation window for the following internal API that we previously announced would be removed from Confluence Cloud.

• /download/attachments/{id}/{id}

This endpoint is still available via API token access in Confluence Cloud, and will remain available for 3 months from today until Apr 14, 2026, when we will remove API token access and such requests fail. All other endpoints from the announcement are still removed as stated.

Key Dates:

• Deprecation announcement: Jan 15, 2026

• Removal date: Apr 14, 2026

Why is this happening?

• This API is not intended public use and is not supported.

What will happen?

• On and after the removal date, all API token access requests to the listed endpoints will fail.

Action Required

• Before the removal date, we recommend migrating to the Get URI to download attachment endpoint as an alternative.