This page includes release notes and updates for Confluence Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Confluence Cloud.
For updates about changes to the Forge platform, see the Forge changelog in the Forge documentation.
You can also ask questions and learn from other Confluence Cloud developers on the Atlassian Developer Community.
You can now set custom colors for UI Kit Visualisation charts. You can either set a color theme or assign colors to attributes. This can be done by passing the prop colorPalette into your chart.
For an example of how to implement this, please see the Forge UI Kit example app at https://bitbucket.org/atlassian/ui-kit-charts-example/src/master/.
For more information, see documentation.
We are extending the deprecation period of the Convert content body v1 REST API in Confluence Cloud to Aug 5, 2026 .
This API was originally scheduled for removal on Feb 1, 2026. We also advised that affected developers use the Asynchronously convert content body endpoint instead. However, we’ve discovered some issues that may prevent them from doing so (please refer to CONFCLOUD-82501 for details and updates on this).
We expect to have all related issues addressed before this new deprecation period ends.
Forge app REST APIs let your app expose its own HTTP endpoints so that external systems can call your app code running on Forge.
These Forge app REST APIs are secured with developer-defined scopes and use 3LO (OAuth 2.0) for authentication and authorization. You define the endpoints in your app manifest using the apiRoute module.
This capability is currently in Preview and is available for Jira and Confluence Forge apps. This is currently not available in Isolated Cloud.
To learn how to expose REST APIs in your Forge app, see Expose Forge app REST APIs. For a step-by-step tutorial on configuring a 3LO integration to access exposed REST APIs, see Access REST APIs exposed by a Forge app.
We are extending the deprecation window for the following internal API that we previously announced would be removed from Confluence Cloud.
/download/attachments/{id}/{id}
This endpoint is still available via API token access in Confluence Cloud, and will remain available for 3 months from today until Apr 14, 2026, when we will remove API token access and such requests fail. All other endpoints from the announcement are still removed as stated.
Key Dates:
Deprecation announcement: Jan 15, 2026
Removal date: Apr 14, 2026
Why is this happening?
This API is not intended public use and is not supported.
What will happen?
On and after the removal date, all API token access requests to the listed endpoints will fail.
Action Required
Before the removal date, we recommend migrating to the Get URI to download attachment endpoint as an alternative.
As announced in July 2025, a number of glyphs for the Icon component will now be removed.
We have now postponed enforcement of the new point-based rate limits for Jira and Confluence REST APIs to March 2, 2026.
What's changing
Enforcement of point-based rate limits has been postponed from February 2, 2026 to March 2, 2026.
As previously announced in CHANGE-2958, the new rate limiting system will now be enforced starting March 2, 2026.
What you need to know
No action is required at this time.
Continue to monitor the changelogs for further announcements and updates.
For more information about rate limiting, see:
We’ve added a new query parameter include-public-link to the v2 Get page by ID API endpoint that allows for optional fetching of Public Link data related to the given page.
By default, this property will not be included in the response unless specified.
EDIT, 23 Jan, 2026 : This announcement has been updated with minor clarifications relating to the affected types of apps.
Forge apps can now run for guest and anonymous users in Confluence. This means your apps will work on publicly accessible pages and for users who don't have a full Confluence license.
By default, Forge apps only run for licensed Confluence users. To allow your app to serve guest and anonymous users, add the unlicensedAccess property to your modules in manifest.yml.
Confluence has two types of unlicensed users that Forge apps can serve:
User type | Manifest value | Description |
|---|---|---|
Guest |
| Users with an Atlassian account who have limited access to a single Confluence space. Guests are authenticated but don't consume a paid license. |
Anonymous |
| Users who are not logged in. This includes anyone on the internet viewing public content. |
The following Confluence Forge modules support guest and anonymous access:
Add the unlicensedAccess property to your module in manifest.yml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
modules:
macro:
- key: my-macro
resource: main
resolver:
function: resolver
title: My Confluence Macro
unlicensedAccess:
- unlicensed # Allow guest users
- anonymous # Allow anonymous users
function:
- key: resolver
handler: index.handler
resources:
- key: main
path: static/hello-world/build
app:
id: ari:cloud:ecosystem::app/your-app-id
Confluence Cloud has a limitation on Public Links
Note that when using Public Links, Confluence Cloud has limited the amount of macros that can be accessed by anonymous users. The access currently is restricted only to the following: https://support.atlassian.com/confluence-cloud/docs/how-secure-are-public-links/#:~:text=Public%20visitors%20can%20only%20view%20the%20following%20macros%3A In case you need to access custom macros, vote for the following suggestion: https://jira.atlassian.com/browse/CONFCLOUD-78430
Frontend bridge calls using requestConfluence() from @forge/bridge will fail for unlicensed users because these methods call APIs as the current user and require proper user authentication. Unlicensed users (including anonymous and unlicensed user types) don't have the authentication context needed for these API calls, so these methods will return authentication errors.
Instead of using frontend bridge calls, use backend resolvers with api.asApp().requestConfluence() to make API calls for unlicensed users. The asApp() context uses your app's service account authentication, which works regardless of the user's license status.
For more information
The cleanHistory field will be deprecated on June 30, 2026. As part of this deprecation, we’re changing the cleanHistory field in Content Redaction API requests from required to optional.
Existing implementations that include the cleanHistory field will continue to function during the deprecation period. However, we recommend that you start implementing the following changes for any apps impacted by this change:
Update your API client to treat cleanHistory as an optional field.
Use the versionNumber field to specify the historical version you want to redact.
Remove the cleanHistory parameter from your redaction requests.
The following UI Kit components are now generally available:
Comment, which displays discussions and user feedback.
Pressable, which is a primitive for building custom buttons.
CommentEditor, provides a contained comment editor UI with a simple toolbar.
ChromelessEditor, provides a simple text editor that does not have a toolbar.
For more information, see the component documentation.
To access these components, you will need to update your app to the latest version of @forge/react. In the terminal of your project directory, run:
npm install --save @forge/react@latest
We are changing the way we measure rate limits across Jira and Confluence Cloud for all free and paid apps. A phased enforcement of the new rate limits will begin on February 2nd, 2026.
When the phased enforcement begins, API requests then start consuming points based on the work they perform, such as the data (objects) returned or operations triggered. Each request starts at a base point of 1 point, with additional points for each object involved.
We’re also introducing two types of app-level quotas (tiers) that apply consistently across the Atlassian platform for all apps.
It’s important to note that the vast majority of free and paid apps do not require any changes and are already operating within these limits. We’ve also reviewed usage and upgraded eligible apps to a higher tier where appropriate.
If your app requires additional capacity in the future, rest assured we will provide clear pathways to request for this. For more information, please refer to the following documentation:
Here’s how the points-based limiting works.
Points-based measurement | API requests consume points based on the work they perform, such as the data (objects) returned or operations triggered. Each request starts at a base point of 1 point, with additional points for each object involved. |
|---|---|
Two-tier quota system | Apps start in Tier 1 - Global Pool, with a shared hourly quota across all tenants. Apps with consistently high or concentrated usage may qualify for Tier-2 Per‑Tenant Pool, which provides dedicated hourly quotas per tenant. |
Points-based costs | Different objects have different point values:
|
Hourly quotas by edition | Quotas reset at the top of each UTC hour. Per-tenant pool quotas vary by customer edition and number of users. |
Here are the benefits for you:
Fairer limits, heavy operations use more quota than simple ones.
This provides more predictable API usage planning and scaling.
This gives you better visibility through detailed rate limit headers.
The vast majority of free and paid apps already operating well within the new limits.
Some updates you need to know:
Updates to the RateLimit-Reason header with new reasons:
jira-quota-global-based, which refers to the Global pool limits being breached in Jira
jira-quota-tenant-based, which refers to the Per Tenant pool limits being breached in Jira
confluence-quota-global-based, which refers to the Global pool limits being breached in Confluence
confluence-quota-tenant-based, which refers to the Per Tenant pool limits being breached in Confluence
Updates to the developer documentation regarding rate limit quotas for different tiers in both Jira and Confluence
Planned updates to the developer console to show which tier your app belongs to ahead of the enforcement
Following the Preview release, the Forge Automation Actions is now generally available. The Automation action module allows you to extend the Automation Platform and add new Forge-based actions to your app. With this release Forge Actions can now output smart values, enabling seamless data flow and dynamic automation.
For more information, see the Forge Automation Action module documentation.
We've added a new optional hidden property to the Forge macro module. When you set "hidden": true in your macro definition, the macro will be hidden from the quick insert menu and macro browser. This prevents users from searching for and inserting the macro into new pages, but existing macros will continue to render as usual.
For more information, see Macro.
You can now configure the Forge Content Byline Item module to open in a modal instead of a pop-up. The modal supports both standard and full-screen sizes, giving you more flexibility in how your content is displayed. This can be done by using viewportContainer: modal in your manifest.
For more information, see our documentation.
Forge platform will be undergoing maintenance in commercial production on November 23, 2025 for approximately 1 minute between 5:30-6:30am UTC
During this interval, below capabilities will not be available intermittently:
Create/update/delete apps
Deploy apps
Install/uninstall/upgrade apps
App invocations will continue to work for existing users of the apps. However, new customers might not be able to use apps as consent process will be impacted during this interval as well.
Rate this page: