Rate this page:
This page includes release notes and updates for Confluence Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Confluence Cloud.
For updates about changes to the Forge platform, see the Forge changelog in the Forge documentation.
You can also ask questions and learn from other Confluence Cloud developers on the Atlassian Developer Community.
The data residency realm migration service and associated APIs are now in Preview.*
Partners with Connect apps that store data outside of Atlassian are encouraged to start supporting realm migration on production.
You can find instructions and documentation here.
*Preview means that the feature is available for production use, and that a 1-3 month deprecation period and notice will be provided for any breaking changes that may be introduced.
We previously announced the deprecation of JWT query strings as a means to authenticate to the product REST APIs as a Connect app in August 2021 - Action Required: Deprecating support for passing Connect JWTs as a query string parameter to Atlassian APIs. This was to be enforced on Feb 1, 2022, however the enforcement of this change was not comprehensive and a small number of apps continued to use the existing query string method.
We’re now proceeding with the complete removal of ?jwt=
query string support from the Jira and Confluence APIs. If you currently still utilise JWT query strings, you will be allowlisted to continue until Aug 31, 2023 without any action on your end. After this date, the Atlassian Jira and Confluence APIs will no longer inspect the ?jwt=
query string parameter and requests for all apps, and consequently may fail with a HTTP 401 response.
Please utilise the JWT auth header as a means to authenticate as outlined in: https://developer.atlassian.com/cloud/jira/platform/understanding-jwt-for-connect-apps/#creating-a-jwt-token
Accepting sensitive JWTs as a query string parameter presents a problem as the query string is often saved in web browser history, passed through Referers to other web sites, stored in web logs such as intermediate proxy servers.
If your app provides its Connect JWT to the Atlassian APIs as a query string parameter, you must update it to pass the JWT via an Authorization: JWT
header.
We’re now proceeding with the complete removal of ?jwt=
query string support from the Jira and Confluence APIs. If you currently still utilise JWT query strings, you will be allowlisted to continue until Aug 31, 2023 without any action on your end. After this date, the Atlassian Jira and Confluence APIs will no longer inspect the ?jwt=
query string parameter and requests for all apps, and consequently may fail with a HTTP 401 response."
As of version 8.0.0, Atlassian Connect Express (ACE) requires Node.js 18.
This release also includes a remediation of CVE-2023-2815. ACE now blocks cross-protocol redirects by default.
ACE previously required Node.js 14, which reached end of life on April 30, 2023.
To learn more about the change to block cross-protocol redirects, see this CDAC post.
To learn more about the code changes in ACE 8.0.0, refer to this pull request.
Added Singapore as supported realm for Connect data residency.
As a reminder, if you indicate support for a realm, it means your app stores the relevant, in-scope data only in that realm - any in-scope data that your app stores must be stored in that realm. You should not declare the regionBaseURL for Singapore unless you use storage infrastructure in Singapore to pin in-scope data for customers in this region. For more information, please refer to the Connect data residency documentation.
The response body of the Get long-running task endpoint for tasks created by the Delete page tree endpoint contained the number of pages that were deleted. However, this number exposed the existence of restricted pages to any viewer of the payload, regardless of the viewer’s permissions.
This data exposes a security risk, and the Delete page tree endpoint is experimental. As such, we are removing the data immediately with no deprecation period.
The Get long-running task response previously contained the following body in the messages
field:
1
2
3
4
{
"translation": "DeletePageTree :: <number of deleted pages>",
"args": []
}
We have removed this message.
The src
property of the UI Kit Image
component will go through a permission check in the near future.
A specific date cannot be given for this change since it will depend on when each product adopts it.
If the Image
component is using an URL as its source, follow this External Permissions - Image guide to add permissions for that URL.
data:image
URIs will be allowed by default as the Image
source.
If the corresponding permission is not given to the source of the image when specified with a URL, then the image will not load.
To provide better quality PDF content, we’ve rearchitected the backend supporting the export of Confluence space to PDF. The change is rolling out to customers progressively and is expected to be with 100% of customers by May 1, 2023. This change does not require you to do anything. However, if you perform a PDF export and notice any issues, please report them on the developer community forums.
The existing PDF exports were causing a lot of bugs and inaccurate content on exports, a redesign of the backend flow was adapted as a permanent solution.
In the new backend flow, after Confluence receives an export request, it converts the Confluence page to PDF in “What You See Is What You Get” manner and the result is that PDF exports actually look like Confluence pages. (Note: tables are not automatically fit to size, but instead will export close to how the user has the table width configured.)
This exported page is then available to the user via downloadable link in the Download tab.
Note: Forge macros are supported now with this release.
Custom emojis don’t work
Jira Roadmap Planner doesn’t work
@page tag in PDF stylesheet
header/footer/title
If any of the above is detected in PDF layout, it will fallback to the old PDF export service.
Nothing. Just look out for errors or inaccurate PDF page export. This backend flow only gets called once you export a Confluence page into a PDF.
If you find something while exporting PDFs including errors and inaccurate export, please raise it in developer community forums and we will respond.
10% rollout to customers - Apr 17, 2023
50% rollout to customers - Apr 24, 2023
100% rollout to customers - May 1, 2023
Disclaimer - These dates are subject to change in case of any unexpected issues during or before rollout.
To mitigate a limitation with JavaScript’s handling of very large numbers, we are changing the return type of a number of fields in the Confluence REST API v2 endpoints.
To do this, any field that returns an ID (pageId, spaceId, etc.) as a 64-bit number will now be deprecated, and at the of the deprecation period, will start to return a string. To be clear - the fields themselves will not be removed.
To help make this transition smoother, we are introducing the query param serialize-ids-as-strings
to any V2 endpoint that contains a 64-bit numeric ID in its response. Consumers of the API can opt-in to the field type change by using this query param. At the end of the deprecation period, all IDs will return as string type only, and this query param will be removed.
Depending on how you parse these fields, there might be no action required. This deprecation (change of return type) will happen in 4 months, on 7 August 2023.
The documentation can be referenced here: https://developer.atlassian.com/cloud/confluence/rest/v2/intro/
After May 6, 2023, CQL search functions recentlyViewedSpaces()
and recentlyViewedContent()
will enforce a maximum of of 200 results.
There will be a maximum:
limit
of 200
on CQL recentlyViewedSpaces(limit
)
limit
of 200
on CQL recentlyViewedContent(limit
)
total of 200
for both limit
and offset
combined in CQL recentlyViewedContent(limit, offset)
The maximum limit was determined from observing traffic of both CQL endpoints. It will have no impact on how customers currently use the endpoint, while allowing us to significantly improve reliability and scalability.
Nothing. Just ensure that the limits adhere to the guidelines put forth above.
In our ongoing efforts to improve cloud scalability and reliability, we are making some changes to how we serve these endpoints. We monitored traffic for these endpoints and determined that introducing this limit would support improvements while having no impact on any customers (0% of monitored requests were 200 or over).
Q. What results will be returned for recentlyViewedContent(50
, 200
)?
A. Once enforced, no results will be returned in this case. This will result in an error “request is over max limit of 200”
This is an advanced notice that Atlassian Connect Express (ACE) will be updated to support NodeJS 18 from version 8.x.x. If you have an app based on ACE, it is advised to start evaluating a NodeJS upgrade using our beta version.
ACE previously supported NodeJS 14 which is approaching its EOL on the 30th of April 2023. After this date we will be publishing ACE version 8.0.0 with NodeJS 18 support.
https://github.com/nodejs/release#release-schedule
To assist with this upgrade a beta version of ACE 8.0.0 has been released. Please take some time to test your Connect app with the ACE 8.0.0-beta package and do not hesitate to reach out if you have any problems or concerns.
https://www.npmjs.com/package/atlassian-connect-express/v/8.0.0-beta.0
To provide better quality PDF content, we’ve rearchitected the backend supporting the export of Confluence pages to PDF. The change is rolling out to customers progressively and is expected to be with 100% of customers by May 1, 2023. This change does not require you to do anything. However, if you perform a PDF export and notice any issues, please report them on https://community.developer.atlassian.com/c/confluence/confluence-cloud/9.
The existing PDF exports were causing a lot of bugs and inaccurate content on exports, a redesign of the backend flow was adapted as a permanent solution.
In the new backend flow, after Confluence receives an export request, it converts the confluence page to PDF in What You See Is What You Get manner and the result is that PDF exports actually look like Confluence pages. (Note: tables are not automatically fit to size, but instead will export close to how the user has the table width configured)
This exported page is then available to the user via downloadable link in the Download tab.
Custom Emojis don’t work
Jira Roadmap Planner doesn’t work
Nothing. Just look out for errors or inaccurate PDF page export. This backend flow only gets called once you export a Confluence page into a PDF.
If you find something while exporting PDFs including errors and inaccurate export, please raise it at https://community.developer.atlassian.com/c/confluence/confluence-cloud/9 and we will respond.
10% rollout to customers - Apr 17, 2023
50% rollout to customers - Apr 24, 2023
100% rollout to customers - May 1, 2023
Disclaimer - These dates are subject to change in case of any unexpected issues during or before rollout.
To help you debug your Forge apps, the developer console now lets you group your metrics by app function. Each chart now has a Group by dropdown menu, with the option to select Function. For more information, see Monitor your apps.
We’ve introduced a new metric to the developer console - invocation time! You can now see the invocation time for your Forge apps by selecting Metrics in the left menu and scrolling to the new invocation time chart, which shows the speed of your function invocations, separated into time buckets.
You can also select the Go to detailed view link at the bottom of the chart, to get a more in-depth view of invocation time, including the P50, P90, and P95 for individual functions.
You can now use the following endpoints in the Confluence REST API v2:
Attachment
Content
Content Properties
Task
Version
There are also some new additions to already released endpoints, noted in the more details section. For more information about this change, see https://community.developer.atlassian.com/t/confluence-rest-api-v2-updating-v1-deprecation-timeline-and-announcing-v2-additions/68154.
The following updates have been made to already released endpoints:
A number of our bulk fetch endpoints (Get pages/blog posts/custom content/tasks) now have ID filters, to reduce the amount of calls required to single fetch endpoints
A number of our bulk fetch endpoints (Get pages/blog posts) now have status filters
The Create page
endpoint now allows a parent page to be specified
Attachment response entities now contain parent resource IDs
Our enums have now been standardized to return only in lowercase
The body
field used in a number of create endpoints can now be represented in the same format as returned by the body
field returned from fetch endpoints
The page-id
and blogpost-id
filters for the Get tasks
endpoint can now be used in conjunction
A number of our Get <entity> versions
endpoints now can return the body
field for each version
Page/Blogpost/Comment write endpoints now support wiki format
The content of the Link
header is now also being returned in the body of the response