This changelog is the source of truth for all changes to the Forge platform that affect people developing Forge apps.
See what's next for Forge on our platform roadmap.
We're excited to share that Forge, our app development platform for Atlassian cloud apps, is now generally available. You can rely on Forge's hosted infrastructure, storage, and FaaS functions to support apps in production; all of which are backed by Atlassian's operational readiness. Learn more about building the next Marketplace hit with Forge.
Note that some functionality in Forge remains in beta while we're still making changes that may break your apps. Learn more about the current functionality in beta.
The KVS and Custom Entity Store now allow you to batch multiple delete and get operations. These new capabilities are included in the latest version of the @forge/kvs package.
You can now generate Atlassian API tokens that are scoped to only the permissions required for the Forge CLI. Update to Forge CLI version 12.15.0 or later to start using scoped tokens.
Previously, Forge CLI relied on tokens with broad permissions. Scoped tokens help you follow security best practices, apply the principle of least privilege in CI/CD pipelines, and reduce the blast radius of a compromised token.
What you need to do
Update your Forge CLI to version 12.15.0 or later.
Run forge login and follow the instructions to create a Forge scoped API token.
Existing unscoped tokens will continue to work.
The Forge Model Context Protocol (MCP) Server is now generally available. This remote MCP server enables Forge app developers to use coding agents with up-to-date Atlassian Forge and Cloud documentation, including markdown-based guides, module catalogs, and manifest references. The Forge MCP Server also offers a search feature for Forge reference documentation and implementation patterns. These features are designed to streamline Forge app development in AI-powered workflows.
This release packs performance, reliability and search relevance improvements. We invite you to try the Forge MCP Server and share your feedback to help us improve.
Try the Forge MCP Server and share your feedback to help us improve.
For more information, see Forge MCP Server documentation.
We've introduced three new Forge triggers for Bitbucket deployment events. These triggers allow your Forge app to respond to deployment lifecycle events in Bitbucket Pipelines.
The new triggers are:
avi:bitbucket:pending:deployment — Fires when a deployment is pending
avi:bitbucket:started:deployment — Fires when a deployment starts
avi:bitbucket:completed:deployment — Fires when a deployment completes
To use these triggers, add them to the trigger section of your app's manifest.yml file. Each trigger provides deployment event data including environment, state, and pipeline details.
For more information, see Bitbucket events.
A new RFC is ready for review at: https://community.developer.atlassian.com/t/rfc-128-local-development-mocks-for-forge-storage/99256
We are introducing baseline security requirements for Atlassian Government Cloud (AGC) apps, which will take effect on Mar 31, 2026. If you have any questions regarding these new standards, please contact us here: https://ecosystem.atlassian.net/servicedesk/customer/portal/34/group/109/create/579
We’re also publishing our annual update to the general Cloud App Security Requirements for 2026, which includes new provisions for AI security, data protection, and supply chain security. See More details for highlights on this update.
Key additions to the general Cloud App Security Requirements include:
AI Security: New requirements for apps using Forge Rovo actions and agents, including validating action inputs as untrusted, implementing permission checks for admin-level actions, and accurately configuring actionVerb values.
Data Protection:
External OAuth2 clients must use Forge's OAuth2 Providers and be configured as confidential clients where supported.
Application logs must strictly exclude PII, credentials, and sensitive data.
Apps must ensure strict tenant isolation during runtime.
Apps must not execute arbitrary code by spawning child processes (e.g., using Node.js child_process).
Application Security:
Apps using Forge SQL must use parameterized queries to mitigate SQL injection risks.
Updated guidance on Content Security Policy (CSP) regarding unsafe-inline and unsafe-eval directives.
Runtime Security:
Apps must not use EOL (end-of-life) Node.js runtimes.
Key-Value Store(KVS) editor is now available for all non-viewer app roles in the developer console for development and staging environments. Use the editor to
Add new keys and values
Update the values of existing keys
The editor is designed for fast, iterative testing, so you can quickly experiment with and validate changes to your app’s stored data.
We’re introducing display condition support to the following Jira Service Management (JSM) Forge portal modules as a preview release:
Portal footer
Portal header
Portal profile panel
Portal request create property panel
Portal request detail
Portal request detail panel
Portal request view action
Portal subheader
Portal user menu action
For these JSM modules, Forge apps can now declare displayConditions in the app manifest and have them evaluated by the host, consistent with how display conditions work for Jira and Confluence Forge modules today.
For further details, see the documentation here.
Support for Claude Opus 4.6 model is now available in Forge LLMs. This is in addition to the already supported Claude Opus 4.5 and Claude Opus 4.1 models.
Forge LLMs remain in Early Access (EAP). Due to high demand, participation is limited. To request access, join the waitlist here.
For the exhaustive list of supported models, refer to our documentation here
We've introduced two new components to UI Kit, now available in Preview: AtlassianTile and AtlassianIcon. Use these components to display Atlassian object type icons—such as stories, tasks, epics, blogs, and more—with consistent styling that aligns with the Atlassian Design System.
Both components provide fixed color, size, and styling options for Atlassian object types. Any updates to icon or tile styling in the Atlassian Design System are automatically reflected in your app.
For implementation details and examples, see the Atlassian icon and Atlassian tile component documentation.
We’ve added a new rovo.isEnabled method to the Forge UI bridge API. This method returns a boolean indicating whether Rovo is enabled for the tenant. You can use it alongside the existing rovo.open method to conditionally invoke Rovo only when it’s available.
For more information, see the updated documentation for the Rovo bridge methods.
We've added optional height and width properties to the Frame component in UI Kit. Apps can now set explicit dimensions in pixels or percentages, instead of relying on automatic resizing. This gives you more control over your app's layout.
For more information, see the updated documentation for the Frame component.
Forge Containers is now available through Forge’s Early Access Program (EAP). To join the EAP, please complete this sign-up form.
This version of Forge Containers allows you to push, deploy, and execute container images as part of your app deployment. This allows your app to leverage a wide variety of runtime dependencies and languages within the container, perform long-running batch jobs, and access greater allocations of CPU and memory than what is available in the Forge Functions runtime.
For more information on this capability and how it works, see Forge Containers (EAP).
For apps with 500 or more installs, you can now download a CSV of all installations directly from the Installations page in the Developer Console.
Forge Feature Flags is now available through the Early Access Program. To join the EAP, please complete this sign-up form.
This native feature flagging solution allows you to:
Test new features with select customers before a full rollout and collect early feedback
Quickly fix bugs for specific sites or customer groups
Gradually release features using percentage-based rollouts
Gather targeted feedback and iterate rapidly
Optimize app costs by controlling when features consume Forge resources
Forge Feature Flags includes server-side (@forge/feature-flags-node), allowing you to evaluate feature flags in Forge Node Runtime based applications.
For implementation details and examples, refer to the documentation here.
Rate this page: