Changelog

Forge apps using the UI Modifications API configured for Issue View will now have their modifications applied when issues are opened via ViewIssueModal (for example, from global pages, admin pages, or custom UI panels).

Previously, UI Modifications were not loaded silently in this context. This applies to all supported project types, and requires no changes to your app's manifest or code

For more details, see the Jira UI modifications documentation.

The Developer Console’s invocation error metrics and alerts screen now features a new Missing scopes error type for Product Events and Agent Connector invocations. This makes it easier to identify and troubleshoot invocation errors caused by insufficient permissions, which frequently occur during app-to-app validation.

You can now:

• View Missing scopes as a distinct category in the Invocation errors chart.

• Use Missing scopes as a filter when creating Advanced alerts to stay informed about permission-related failures.

What you need to do
No action is required to enable this feature. If your app experiences invocation failures due to missing scopes, they will now be automatically categorized and surfaced in the Developer Console.

Forge embedded macros have reached general availability (GA). This feature allows Forge bodied macro apps to render other embedded Forge macro apps, enabling more complex and integrated content experiences within Confluence.

What’s changing
You can now use the following methods to render embedded Forge macro apps within a bodied macro:

• UI Kit: Use the AdfRenderer component.

• Custom UI: Use the view.createAdfRendererIframeProps method from the @forge/bridge package.

What you need to do
To start using embedded macros in your bodied macro apps:

• Ensure you are using the latest version of @forge/bridge for Custom UI apps.

• Implement the AdfRenderer (UI Kit) or createAdfRendererIframeProps (Custom UI) in your macro's rendering logic.

• Refer to the updated Forge rich-text bodied macros documentation for implementation details and examples.

Forge LLM is now officially in Preview. This transition makes Forge LLM available to all developers as a billable capability.

What’s changing

• Progressive Rollout: We are using a progressive rollout strategy to enable Preview access. This means it may take a few days for the necessary feature flags to reach all tenants.

• Temporary Error Messages: During this rollout period, you may still see an error message stating: Forge LLM feature is available exclusively in the Development environment through the EAP program. This message will persist until the rollout is complete for your specific environment.

• Billing: All Forge LLM usage is now billable. Please ensure your apps are associated with a developer space that has active billing details.

• Model Deprecations: The following older model versions are now deprecated and are not included in the Preview release:

  1. claude-sonnet-4-20250514

  2. claude-opus-4-1-20250805

  3. claude-opus-4-5-20251101

What you need to do

1. Review the Forge LLMs pricing to understand how credits and billing work.

2. Update your app configurations to use supported model versions.

3. Verify your billing details in the developer console to ensure uninterrupted service.

4. For technical implementation details, refer to the Forge LLMs API reference.

We're releasing multi-entry resource bundles for Forge apps into preview. This update allows you to group multiple named entry points within a single resource, helping you optimise app performance and stay within resource limits.

What's changing
Previously, apps with multiple modules required a separate top-level resource entry in manifest.yml for each view, consuming one bundle slot per module. You can now define multiple named entry points within a single resource using the new entry property.

You can reference each entry from any module using slash syntax: resource: <resource-key>/<entry-key>. This feature is available for both UI Kit and Custom UI apps.

Why this matters

• Lower bundle count usage: Multiple entries within one resource count as a single resource against the 50-resource limit.

• Smaller deploy size and faster load times: For UI Kit, the Forge CLI automatically extracts shared dependencies into common chunks. For Custom UI, you can achieve similar benefits by configuring code splitting in your build pipeline (e.g., via webpack or vite).

• Fully backwards-compatible: Existing apps require no changes. The entry property is optional, and resources without it behave as before.

Key details

• Maximum of 50 entries per resource.

• Entry values must be flat filenames directly within the path directory; nested paths (e.g., views/global.jsx) are not supported.

• As a Preview feature, this is considered stable but remains under active development and may have shorter deprecation windows.

What you need to do
To get started, review the updated resources manifest reference for documentation and examples.

As recently announced in Raising the bar on Marketplace cloud app security: together we are updating the Marketplace Security Bug Fix Policy to shorten vulnerability remediation timelines for Marketplace cloud apps. These changes ensure a higher security standard across our ecosystem.

What’s changing
The remediation Service Level Objectives (SLOs) for Marketplace cloud apps are being shortened. The timelines for Data Center apps remain unchanged.

Updated Cloud App SLOs (Enforceable September 1, 2026):

• Critical: 10 days

• High: 4 weeks

• Medium: 12 weeks

• Low: 25 weeks

Data Center App SLOs (Unchanged):

• Critical: 12 weeks

• High: 12 weeks

• Medium: 12 weeks

• Low: 25 weeks

Additionally, we have published the Marketplace Security Enforcement Policy, a consolidated source of truth for marketplace security compliance expectations, including vulnerability management, OAuth compliance, partner verification, bug bounty participation, and incident response.

What you need to do

• Review the new timelines: Ensure your internal processes are updated to meet the new cloud app SLOs by September 1, 2026.

• Check your tickets: We have corrected an issue where some AMS Data Center tickets incorrectly showed cloud remediation dates. If you believe a ticket still has an incorrect date, please raise an ECOHELP ticket.

• Watch the policy page: The Marketplace Security Enforcement Policy is a living document, we recommend "watching" the page for future updates.

We are introducing rate limits for Forge Realtime to ensure the stability and reliability of the service for all apps.

What’s changing
Starting June 26, 2026, a rate limit of 50 requests per app installation per second will be enforced for Forge Realtime. For more information, see our rate limit documentation.

Based on our current telemetry, no existing Forge apps exceed this limit, so we do not expect any immediate impact on your app's performance. This change is a proactive measure to maintain service health.

What you need to do

• Review your app's use of the Realtime Events API and Bridge API Realtime method to ensure your request frequency remains within the new limit.

• If you anticipate needing a higher rate limit for a specific use case, please reach out via the developer support portal.

As Connect approaches end of support in December 2026, we are starting to roll out customer messaging in the admin experience to inform admins when an installed app runs on a soon to be unsupported platform, Connect. Following on from our previous announcement, this messaging will gradually rollout over the next week to be live in production for non-public apps only and is scoped to the admin experience, end users will not see any notices at this stage.

On Jun 2, 2026, we will enable customer messaging on Developer Canary tenants for public apps. This will include notices in admin facing experiences so enrolled partners can preview the exact messaging their customers will see and have the chance to adopt the new connectToForgeMigration module in their manifest before it goes live in production.

The Forge CLI now supports specifying a limit when starting a bulk-upgrade workflow.

This limit can also specified in non-interactive mode.

If the limit parameter is not specified, the CLI will prompt you for a limit as part of its interactive flow.

The Forge CLI will also now indicate when the number of eligible installations exceeds the number that can be performed in a single workflow.

Forge LLMs will move from EAP to Preview on Jun 1, 2026, making it available to all Forge developers as a billable capability.

To ensure a clean cutover, EAP access will be disabled on May 29, 2026 at 00:00 UTC. From Jun 1, 2026 , all Forge LLM usage will be billed.

We are also deprecating the following older model versions, which will not be included in Preview:

• claude-sonnet-4-20250514

• claude-opus-4-1-20250805

• claude-opus-4-5-20251101

What you need to do

• Review the Forge LLMs pricing to understand how credits and billing work.
• Ensure your apps are added to a developer space with active billing details to continue using Forge LLMs on June 1st.

For more information, see the Forge LLMs reference documentation.

We've introduced the Tile component for Forge UI Kit apps, now available in Preview. The Tile component is a rounded square container for displaying assets like emojis, or objects in a consistent, styled way.

The component supports various sizes (from 16px to 48px), customizable background colors using design tokens, optional borders, and adjustable internal padding for different asset types including third-party logos.

For implementation details and examples, see the Tile component documentation.

The Forge CLI downloads app templates from a CDN when running forge create. As part of our ongoing security and reliability improvements, this CDN URL is being deprecated and replaced with a new one.

What's changing:

• Old URL (deprecated): https://forge-templates.us-west-2.prod.public.atl-paas.net/

• New URL: https://forge-templates-bifrost.prod-east.frontend.public.atl-paas.net/assets/

When:

• Effective from @forge/cli@12.20.1: the CLI fetches templates from the new URL.

• End of support for old URL: 2026-11-26 (6-month deprecation period, per the Forge deprecation policy).

Who is affected:

• Developers running Forge CLI versions older than 12.20.1 that reference the legacy templates URL.

• Enterprise environments with firewall allow-lists that include the old CDN domain.

Action required:

• Update your Forge CLI to @forge/cli@12.20.1 or later: npm install -g @forge/cli@latest

• If you maintain a corporate firewall allow-list, add forge-templates-bifrost.prod-east.frontend.public.atl-paas.net to your permitted domains. You can safely remove forge-templates.us-west-2.prod.public.atl-paas.net after 2026-11-26. Refer to Use the Forge CLI on a corporate network for the full list of required outbound connections.

• No changes to app code or manifests are required.

More details: Use the Forge CLI on a corporate network

New UI Kit components for managing file upload are now in preview:

• File picker: allows the user to select files stored locally.

• File card: displays information about a file (including name, type, and size); this can be used to managed selected files and displaying upload progress.

See how to implement these in our example app.

A new RFC is ready for review at RFC-136

Previously we announced an issue where storage:app as a scope increase was not able to be managed by bulk upgrade. This issue has now been resolved, and storage:app support via bulk upgrade has been restored.