Releasebot
Join for free

Atlassian Release Notes

Last updated: Sep 29, 2025

RSS Email Slack API

Products

All Atlassian Release Notes

  • Sep 24, 2025
    • Parsed from source:
      Sep 24, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Jira by Atlassian

    Jira Software 11.1.x upgrade notes

    Original source

    Upgrade notes are now included in the release notes

    Starting with Jira Data Center 11.1, we've combined the upgrade notes and release notes into a single page. You’ll find all improvements and changes in one place, so there’s no need to switch between pages.

    Explore the Jira Software 11.1 release notes

    Last modified on Sep 24, 2025

  • Sep 24, 2025
    • Parsed from source:
      Sep 24, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Jira by Atlassian

    Jira Software 11.1

    Original source

    Jira Software 11.1 introduces Find missing issues in Advanced Roadmaps, service accounts for automations, signed SAML requests, React 18.3/Atlaskit upgrades, platform notes, app developer guidance, upgrade procedures, and a resolved-issues list—plus compatibility notes.

    We're pleased to present Jira Software 11.1.

    Highlights

    • Find missing issues in Advanced Roadmaps for Jira
    • Manage your integrations and automations with service accounts
    • Sign SAML authentication requests
    • React 18.3 and Atlaskit upgrade
    • Changes to supported platforms
    • App developers
    • Upgrade procedure
    • Resolved issues

    More

    See the full list of issues resolved in this release.

    Compatible applications

    If you're looking for compatible Jira applications, look no further: Jira Service Management 11.1 release notes.

    Find missing issues in Advanced Roadmaps for Jira

    For: END USERS ADMINS

    We’re introducing the Find your issue feature to help you quickly understand why a specific issue isn’t visible in your Advanced Roadmaps for Jira dashboard. You can search for any issue by its key, and Jira will analyze your dashboard’s filters and settings to explain why the issue is missing. Diagnostics run in the background. Each request is handled separately, and rate limits help maintain consistent performance. To find missing issues:

      1. From the Roadmap tab, go to Settings, then Configure, then select Find your issues.
      1. In the search box, enter the issue key and select Search.

    More about missing issues in Advanced Roadmaps

    Manage your integrations and automations with service accounts

    For: ADMINS

    Service accounts are specialized, non-user accounts created for secure and efficient management of automated processes and external integrations. With service accounts, you can securely access REST APIs using the OAuth 2.0 authentication method to execute scripts and run tasks while maintaining full control of permissions. All actions performed by service accounts are tracked, providing visibility into their operations. To set up a service account:

      1. Go to Administration, then User management, then from the sidebar select Service accounts.
      1. Select Create service account.
      1. Follow the prompts to configure your service account’s details, scopes, and resources, then generate your OAuth 2.0 credentials.
      1. Review all the details and copy your credentials to a safe place. Explore how to manage a service account
    Sign SAML authentication requests

    For: ADMINS

    We’re implementing signed Security Assertion Markup Language (SAML) authentication requests to strengthen your instance’s security. When SAML is enabled, the authentication plugin generates a certificate and private key during startup. The private key signs SAML authentication requests, and you can download the certificate to upload to your Identity Provider (IdP). This lets the IdP verify the authenticity and integrity of each request. To enable signing SAML authentication requests, go to the Authentication methods page and select Sign requests. Explore SAML single sign-on for Atlassian Data Center applications

    React 18.3 and Atlaskit upgrade

    For: ADMINS

    We're upgrading Jira Data Center to use React 18.3 and the latest Atlaskit components. This update helps keep your instance secure and compliant by enabling continuous security updates and bug fixes from Atlaskit and React. In Jira 11.1, we upgrade Platform packages, Jira Service Management, and Assets. The React 16 web resources exposed by Jira are now deprecated. We recommend migrating your custom apps and integrations to React 18.3 to ensure compatibility and continued support. Review code sharing and migration guidance

    Changes to supported platforms

    This release of Jira Software doesn’t introduce any changes to supported platforms. For the list of supported platforms, see Supported platforms. For previous announcements, see End of support announcements.

    App developers

    See Preparing for Jira 11.1 for any important changes regarding apps.

    Upgrade procedure

    Upgrading from Jira version 10.x.x?

    • See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
    • For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.

    Resolved issues

    See the full list of the issues we’ve resolved throughout the lifecycle of Jira Software 11.1.

    Issues resolved in 11.1.0

    Released on 24 September 2025

    • Timeout message not displayed correctly when releasing a large amount of issues from a Kanban board
    • Timeout errors can occur when completing sprints in Scrum boards
    • JIRA Software JAVA API for Version 7 and above
    • Epic name character limit exists in GH but not JIRA
    • The multi-byte characters are garbled in the Time since chart and the Resolution time gadgets
    • No Confluence page found with the given URL while linking confluence web page
    • Confluence displays the warning "Application 'xxx' seems to be offline. Click here to relocate" for application links to Jira when the dark feature "public.access.disabled" is enabled in Jira 10.3.x
    • Invalid use of RequestCache by thread: JIRA-Import-Thread
    • Editor: Buttons not operable with a keyboard
    • Editor: Non-descriptive link text
    • Automation rules cannot be published when copying the "Customer Request Type" field from relevant sources in "clone issue" or "edit issue" actions
  • Sep 3, 2025
    • Parsed from source:
      Sep 3, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Confluence by Atlassian

    Confluence 10.0.3

    Original source

    Confluence 10.0.3 is a bug-fix release addressing upgrade installer issues, calendar data pulls from Jira Cloud, a third-party security vulnerability, slow scrolling with tables in Chromium, and login/import problems. Users are urged to upgrade with notes.

    The Atlassian Confluence team is pleased to announce the release of Confluence 10.0.3, which is a bug-fix release.

    Don't have Confluence 10.0 yet?

    Check out the new features and other highlights in the Confluence 10.0 release notes.

    Get the latest version.

    We recommend you read the Confluence 10.0 upgrade notes and you back up your confluence-home directory and database before upgrading.

    Issues resolved in 10.0.3 include:

    • CONFSERVER-100750: Confluence upgrade via windows installer not working [9.2.7 - 10.0.2] (Bug, Fixed)
    • CONFSERVER-100548: Confluence Team Calendar Can't Pull Jira Cloud Projects Data (Bug, Fixed)
    • CONFSERVER-100795: RCE (Remote Code Execution) Third-Party Dependency in Confluence Data Center and Server (Public Security Vulnerability, Fixed)
    • CONFSERVER-100201: Slow scrolling on a page with tables causes repositioning on the last row in Chromium browsers (Chrome/Edge) (Bug, Fixed)
    • CONFSERVER-99590: Unable to log into Confluence (via Crowd) after importing an XML backup generated on Confluence Windows into a Confluence running on Linux (Bug, Fixed)

    Last modified on Sep 3, 2025.

  • Sep 3, 2025
    • Parsed from source:
      Sep 3, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Confluence by Atlassian

    Confluence 9.2.8

    Original source

    Confluence 9.2.8 is a bug‑fix release with fixes for calendar data, authentication prompts, slow scrolling, startup warnings, LDAP/cluster issues, template spaces, indexing performance, login via Crowd, API pagination, captcha, and table width.

    Confluence 9.2.8

    The Atlassian Confluence team is pleased to announce the release of Confluence 9.2.8, which is a bug-fix release.

    Don't have Confluence 9.2 yet?

    Check out the new features and other highlights in the Confluence 9.2 release notes.

    Get the latest version.

    We recommend you read the Confluence 9.2 upgrade notes and you back up your confluence-home directory and database before upgrading.

    Issues resolved in 9.2.8 include:
    • CONFSERVER-100548: Confluence Team Calendar Can't Pull Jira Cloud Projects Data (Bug, Highest priority, Fixed)
    • CONFSERVER-100021: Users are regularly prompted for authentication in Outlook and Apple Calendars in Confluence 9.2+ (Bug, Highest priority, Fixed)
    • CONFSERVER-100201: Slow scrolling on a page with tables causes repositioning on the last row in Chromium browsers (Chrome/Edge) (Bug, High priority, Fixed)
    • CONFSERVER-99198: Confluence logs a "org.apache.logging.slf4j.SLF4JServiceProvider not found" warning during startup (Bug, Medium priority, Fixed)
    • CONFSERVER-99183: After upgrade to 9.2.0, unable to add remote LDAP directory with error : log Invocation blocked as method is not allowlisted: com.google.common.collect.SingletonImmutableList (Bug, Medium priority, Fixed)
    • CONFSERVER-100541: Synchronization Fails in Confluence 9.2 when using a Clustered LDAP (Bug, Low priority, Fixed)
    • CONFSERVER-100540: Creating a space from a template fails for non-admin users (Bug, Low priority, Fixed)
    • CONFSERVER-100362: Repeatedly clicking Content queue or Change queue tabs under Confluence Administration 12 Content indexing can cause performance problems (Bug, Low priority, Fixed)
    • CONFSERVER-99590: Unable to log into Confluence (via Crowd) after importing an XML backup generated on Confluence Windows into a Confluence running on Linux (Bug, Low priority, Fixed)
    • CONFSERVER-95999: Duplicate and missing users when using pagination(start,limit parameter) in GET /rest/api/user/list REST API call. (Bug, Low priority, Fixed)
    • CONFSERVER-93223: Captcha sometimes fails to render (Bug, Low priority, Fixed)
    • CONFSERVER-81234: Resizing the width for Fixed Width Table is limited by the text length in the table (Bug, Low priority, Fixed)

    Last modified on Sep 3, 2025.

  • Sep 3, 2025
    • Parsed from source:
      Sep 3, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Confluence by Atlassian

    Confluence 9.5.4

    Original source

    Confluence 9.5.4 is a bug-fix release addressing two issues: getting Jira Cloud data for Team Calendar and slow table scrolling in Chromium-based browsers. Upgrade guidance and backups are recommended in the notes.

    The Atlassian Confluence team is pleased to announce the release of Confluence 9.5.4, which is a bug-fix release.

    Don't have Confluence 9.5 yet?

    Check out the new features and other highlights in the Confluence 9.5 release notes.

    Get the latest version.

    We recommend you read the Confluence 9.5 upgrade notes and you back up your confluence-home directory and database before upgrading.

    Issues resolved in 9.5.4:

    • CONFSERVER-100548: Confluence Team Calendar Can't Pull Jira Cloud Projects Data (Bug, Highest priority, Fixed)
    • CONFSERVER-100201: Slow scrolling on a page with tables causes repositioning on the last row in Chromium browsers (Chrome/Edge) (Bug, High priority, Fixed)

    Last modified on Sep 3, 2025.

  • Aug 14, 2025
    • Parsed from source:
      Aug 14, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Jira by Atlassian

    Jira Software 11.0.x upgrade notes

    Original source

    Jira 11.0.x introduces major platform upgrades (Spring/Jakarta/Tomcat), security and performance hardening, OAuth 2.0 enhancements (scopes, token lifetimes, rotation, revocation), and stricter app compatibility checks. It requires a full re-index and app readiness, with end-of-support for several runtimes/databases and new JDK 21 support.

    Spring and Jakarta upgrade

    To maintain high security standards and keep dependencies supported and up to date, we’re upgrading Spring to the 6.x line, Jakarta to EE Platform 10, Apache Tomcat to 10.1 as well as other libraries that depend on Spring and Jakarta.

    The Apache Tomcat upgrade also introduces changes under the Jakarta Servlet specification. If you rely on custom server settings or connectors, review the following before upgrading:

    • Check custom server.xml configurations, especially any references to "javax.servlet" APIs. Tomcat 10.1 has migrated to the "jakarta.servlet" namespace.
    • Verify that any connectors (HTTP, AJP, etc.) are still supported and properly configured in Tomcat 10.1.
    • Confirm that any security or TLS/SSL settings are compatible with Tomcat 10.1’s default cryptographic protocols.

    For detailed information on the changes introduced in Tomcat 10.1, consult the official Apache Tomcat documentation.

    Upgrade to jQuery 3

    We’ve upgraded jQuery from version 2 (with [email protected]) to version 3 (with [email protected]) to align on jQuery versions across all Data Center products. This means a significant jQuery version uplift for products containing older versions of jQuery that will make developing cross-product apps easier.

    For more details, refer to the jQuery Core 1.9 upgrade guide and jQuery Core 3.0 upgrade guide.

    Removal of deprecated components in AUI 10

    We’re removing some outdated AUI 10 components with design and accessibility issues (Dropdown 1 and Toolbar 1) and updating internal dependencies to better support jQuery 3 and proactively address security issues.

    End of support for LESS

    To enhance the security and performance, we’re removing the ability to transform LESS to CSS at runtime, requiring LESS to be transpiled into CSS at compile time.

    Global serialization filter

    We’re implementing a global serialization filter that relies on a central blocklist for Java deserialization, Velocity, Struts, and XStream. This filter is designed to block specific classes and patterns that are recognized as vulnerable to Remote Code Execution (RCE) through publicly known gadget chains.

    Add scopes to REST endpoints to use OAuth 2.0 2LO

    We’ve introduced @ScopesAllowed to improve security and control over REST endpoints. Add the @ScopesAllowed annotation to your endpoints to make them accessible using an OAuth 2.0 Client Credentials token (2LO). For example, this annotation requires that the access token has the WRITE scope before providing access to this endpoint.

    @POST
@ScopesAllowed(requiredScope = "WRITE")
public void createEntity(...) {}

    OAuth 2.0 security improvements

    We're implementing several important changes to our OAuth 2.0 authentication process to enhance security and efficiency.

    • Enforced global maximum time on access tokens: Access tokens will now have a maximum validity period of 1 hour. This change is designed to improve security by ensuring tokens are refreshed more frequently. You can change the value by setting the atlassian.oauth2.provider.access.token.expiration.seconds system property.
    • Maximum lifetime of client ID and secret: The lifetime of client IDs and secrets is now 90 days by default. However, you can adjust this setting to a maximum of 730 days. This change aims to encourage regular rotation of credentials. You can change the value by setting the atlassian.oauth2.provider.client.credentials.expiration.seconds system property.
    • Rotation of client credentials: We recommend regularly rotating your client credentials, including both the client ID and secret, to improve security. Setting up a rotation policy helps reduce the risk if credentials are ever compromised.
    • Revocation of rotated client credentials: Once client credentials (client ID and secret) are rotated, the previous credentials can be revoked. This ensures that only the most recent credentials remain active, reducing the risk of unauthorized access.
    • Revocation of user's refresh tokens: We now provide the ability to revoke all refresh tokens associated with a specific user. Additionally, administrators have the authority to revoke all refresh tokens for users within the system. This capability allows for greater control over session management and security.
    • Maximum number of refresh tokens: The maximum number of refresh tokens allowed per client ID and user is limited to 25. This limitation helps manage resource usage and ensures that token proliferation is kept in check. You can change the value by setting the atlassian.oauth2.provider.refresh.token.limit.per.client.user system property.

    Basic authentication disabled by default

    We’re disabling authentication with basic authentication by default. This is a first step towards the removal of basic authentication altogether as we develop and mature alternatives to support the remaining few use cases.

    Updated Tomcat protocols

    We’ve updated the protocols provided by Jira extending the Tomcat protocols with support for password encryption:

    The APR/Native library and the APR/Native Connectors, including both AJP and HTTP, are deprecated in Tomcat 10 and will be removed starting from Tomcat 10.1.x. Specifically, the Http11AprProtocol (HTTP connector) and the AjpAprProtocol (AJP connector) are deprecated. Consequently, com.atlassian.secrets.tomcat.protocol.AjpAprProtocolWithPasswordEncryption and com.atlassian.secrets.tomcat.protocol.Http11AprProtocolWithPasswordEncryption are no longer supported in Jira 11.

    Changes to supported platforms

    See what changes have been made to supported platforms in this Jira release. For more details, check out Supported platforms.

    End-of-support announcements

    We’ve removed support for:

    • JDK 17
    • PostgreSQL 15
    • PostgreSQL 14
    • PostgreSQL 13
    • PostgreSQL 12
    • MySQL 8.0
    • Oracle 18c
    • MSSQL Server 2017

    Added support

    • JDK 21
    • PostgreSQL 17
    • MySQL 8.4 LTS

    This version of Jira will only run on Java 21.

    App developers

    See Preparing for Jira 11.0 for any important changes regarding apps.

    Upgrade procedure

    Upgrading from Jira version 10.x.x?

    • See Upgrading Jira applications for complete upgrade procedures, including all available upgrade methods and pre-upgrade steps.
    • For a more tailored upgrade, go to Jira administration, then Applications, then Plan your upgrade. We’ll recommend a version to upgrade to, run pre-upgrade checks, and provide you with a custom upgrade guide with step-by-step instructions.
  • Aug 13, 2025
    • Parsed from source:
      Aug 13, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Jira by Atlassian

    Jira Software 11.0

    Original source

    Jira 11.0 brings the Rovo Data Center connector, Advanced Roadmaps UI refresh, OpenSearch early access, ProForma Lite upgrade, app signing by default, system/dashboard tweaks, performance boosts, and removal of deprecated features — plus admin tools and broader security improvements.

    We're pleased to present Jira Software 11.0.

    Highlights

    • Introducing the Jira Data Center connector for Rovo
    • Removal of the deprecated Text gadget
    • End of support for the Original theme
    • New look and feel for Advanced Roadmaps for Jira
    • Changes to issue sources filter for unsaved issues in Advanced Roadmaps for Jira
    • Strict permission handling in Advanced Roadmaps for Jira
    • Changes to System Dashboard operations
    • Sorting on TEXT entity property
    • Upgrade from ProForma Lite to ProForma Full
    • Advance notice: OpenSearch opt-in feature ready for early access
    • View your repo health with Sync history
    • New backend issue limit for Advanced Roadmaps for Jira
    • App signing is now enabled by default for app installations
    • Check indexing stats in JMX
    • Faster user management
    • Simplification of multipart handling in WebWork
    • Removal of Trusted apps
    • Before you upgrade to Jira 11.0
    Introducing the Jira Data Center connector for Rovo

    For: END USERS ADMINS The Jira Data Center connector facilitates Cloud-based AI capabilities without requiring a full migration to the Cloud and allows data synchronization from Jira Data Center to Rovo in Atlassian Cloud. With Rovo, you can centralize knowledge from various platforms, providing a unified view of search results from both Cloud and Data Center, as well as third-party tools like SharePoint and Slack. You can boost productivity with Rovo Chat’s AI-driven insights and personalized responses, all while maintaining your existing infrastructure. Coming soon: You’ll be able to also include Jira Service Management Data Center projects and issues in Rovo’s unified search and AI experiences. Rovo, including search, chat, and studio apps as well as agents, is available to customers with a Premium or Enterprise Cloud plan of Jira, Confluence, Jira Service Management, or Teamwork Collection. Contact our team for assistance with setting up a new plan. Already have access to Rovo? Connect Jira Data Center to Rovo

    Removal of the deprecated Text gadget

    For: END USERS ADMINS We’ve removed the Text gadget for dashboards that we deprecated in Jira 9.11 and replaced with the Rich Text gadget to improve security in Jira.

    End of support for the Original theme

    For: END USERS ADMINS With the new light and dark themes that brought accessibility and usability improvements, we’re removing the original theme from all products.

    New look and feel for Advanced Roadmaps for Jira

    For: END USERS ADMINS In Jira 10.7, we introduced a new look and feel for Advanced Roadmaps for Jira. Now, in Jira 11, we’re removing the feature flag behind those changes, making the modernized UI the new standard. This change brings consistency in how you and your team view and manage projects. New to Advanced Roadmaps? Discover Advanced Roadmaps for Jira

    Changes to issue sources filter for unsaved issues in Advanced Roadmaps for Jira

    For: END USERS We’re updating how issue sources are attached to newly created issues in Advanced Roadmaps for Jira plans. Now, new issues won’t have any issue source attached until you save them to Jira. Previously, new issues were immediately linked to their issue sources, allowing filters to apply to both saved and unsaved issues.

    Strict permission handling in Advanced Roadmaps for Jira

    For: END USERS ADMINS We’re adding strict permission handling for Jira issue filters used as an issue source in Advanced Roadmaps for Jira. Now, if you don’t have permission to view an issue filter, and that filter is used as an issue source in a plan, you won’t see the issues from that filter in your plan. The new approach ensures that issue visibility in plans always respects Jira’s permission model, bringing consistency across Jira. To include new issues in your plans, make sure they’re saved in Jira and that you have access to the relevant filters.

    Changes to System Dashboard operations

    For: END USERS ADMINS We’ve aligned the System Dashboard interface to accurately reflect permissible actions and prevent confusion:

    • On the Shared Dashboards page, we've removed the dropdown menu with options to delete or change System Dashboard’s ownership.
    • On the Manage Dashboards page, we’ve removed the Edit and Delete options. Now, you can only copy System Dashboard. These changes apply exclusively to the System Dashboard.
    Sorting on TEXT entity property

    For: END USERS ADMINS We’ve removed support for sorting on TEXT entity properties. This also applies to existing TEXT entity properties.

    Entity properties declared with more than one type

    If the same entity property is declared more than one time, only the first declaration will be considered and the subsequent declarations will be ignored. Considering the index-document-configuration module below, only the STRING property will be created. You can confirm whether a property has been ignored by configuring a logging level of DEBUG for the com.atlassian.jira.search.issue.index.indexers.impl.IssuePropertyIndexExtractor package.

    Upgrade from ProForma Lite to ProForma Full

    For: ADMINS The ProForma Lite app is no longer supported or available to download from the Atlassian Marketplace. Instead, you can now try a 30-day free trial of the full ProForma app to explore all ProForma features and enjoy a better forms experience. If you currently use ProForma Lite, plan to upgrade to the full, paid version of the ProForma app or check out the trial first. ProForma Lite won’t receive updates, compatibility fixes, or support. It might also stop working if it becomes incompatible with future Jira updates. If you’re using Jira Service Management, you can access all ProForma features for free. Explore ProForma licensing details

    Advance notice: OpenSearch opt-in feature ready for early access

    For: ADMINS We’re working to introduce OpenSearch as an opt-in search engine in Jira. This will provide more advanced indexing options leading to less processing requirements and faster search results. We’re inviting you to be a part of our OpenSearch Early Access Program (EAP)! We’ve updated the OpenSearch upgrade guide to help you get started. OpenSearch during EAP isn’t suitable for production environments, but we encourage you to try it on your testing environment and share your feedback on [email protected] or via our customer support channel.

    View your repo health with Sync history

    For: ADMINS We're introducing Sync history in the Distributed Version Control System (DVCS) admin section, a new feature that provides a repository sync audit log at a glance. Previously, admins couldn't access essential information about past repo syncs, making it challenging to assess the health of the sync process and debug errors. Now, you can access a detailed list of repository syncs from the past seven days in the audit table, reducing the time you need to identify and isolate problem areas. The details include start and end time, sync status, failure reason, duration, and type of sync (soft or full). To check the sync history of your repo:

    1. Go to Settings, then Applications.
    2. Go to DVCS accounts and open your account.
    3. Next to the repo you want to check, select Show sync history.
    New backend issue limit for Advanced Roadmaps for Jira

    For: ADMINS We’ve increased the backend limit of issues that Jira can return in Advanced Roadmaps to 10,000. This change helps keep performance stable and ensures safe operation when working with large volumes of issue data in your plans. The frontend limit is still 5,000 issues.

    App signing is now enabled by default for app installations

    For: ADMINS In this release, app signing is enabled by default. This feature improves app security and was gradually rolled out across Data Center products. For details, check out this community post. App signing affects only new app installations; already installed apps will remain intact. The steps you need to take differ depending on whether you install applications from the Marketplace or build your custom applications. Install apps from the Marketplace To do so:

    1. Configure the location of the truststore folder as described in Configuring UPM app signature check.
    2. Download and install the Atlassian Certificates bundle. For details, see Updating Atlassian Certificate Bundles.
    3. That’s it! Enjoy the safe app installations from the Marketplace.

    Install custom apps If you use custom application builds, you can sign and secure your apps:

    1. Configure the location of the truststore folder as described in Configuring UPM app signature check.
    2. Get the app signature and verification certificate as described in Generating app signature and verification certificate using OpenSSL.
    3. Put your new certificate in your Trust store as described in Updating Atlassian Certificate Bundles.
    4. Install the signed application. You can also install the app via the file system without using the app signing feature. If you’re experiencing issues, check out app signing troubleshooting.
    Check indexing stats in JMX

    For: ADMINS We’ve added indexing statistics to the In-Product Diagnostics (IPD). Previously, you could see these statistics exported in jira-stats only. Now, you can also access them through Java Management Extensions (JMX). This change simplifies the integration of indexing statistics with your existing observability tools. More about live monitoring using the JMX interface

    Faster user management

    For: ADMINS We've optimized the User Management view to reduce memory consumption and improve performance. Now, instead of navigating through all pages, the default display is limited to 10,000 users or 500 pages, which significantly reduces rendering time. To adjust this limit, go to System, select Advanced settings, and change the value of the jira.user.management.browsable.results.limit property. More about managing users

    Simplification of multipart handling in WebWork

    For: ADMINS We've removed several unused features of the WebWork library within Jira. These features weren't recommended for customization. If you've modified your webwork.properties file, ensure the following fields are set to their default values: webwork.multipart.parser=custom webwork.multipart.parser.class=com.atlassian.jira.web.TempFileRemovingMultipartRequestWrapper

    Removal of Trusted apps

    For: ADMINS We’re removing Trusted apps to reduce the number of insecure entry points into the products. We’ve replaced this way of exchanging information between Atlassian products with more secure solutions that follow industry best practices, like the OAuth 2.0 protocol.

    Before you upgrade to Jira 11.0

    Platform releases allow us to incorporate multiple significant changes (often called breaking changes) that aren't compatible with previous versions. These changes establish a strong foundation for more extensive development in future releases. In this release, we’ve made significant changes in our core architecture to increase security and performance. Before upgrading, visit the Jira 11.0 upgrade notes to review important upgrade steps and see the full list of issues resolved.

    Check the compatibility of your Marketplace apps

    As a major release, Jira 11.0 introduces backward-incompatible changes to the apps' API. If you build custom in-house apps, you need to test their compatibility and update them. If you have installed apps from the Atlassian marketplace or another source, you also need to check their compatibility and update them before performing the upgrade. To check app compatibility, visit Checking app compatibility with application updates or the Atlassian Marketplace to see if your app hosting is compatible with your product version.

    Resolved issues

    See the full list of the issues we’ve resolved throughout the lifecycle of Jira Software 11.0.

    Issues resolved in 11.0.0

    Released on 13 August 2025 [Detailed list of resolved issues omitted for brevity]

    Issues resolved in 11.0.1

    Released on 4 September 2025 [Detailed list of resolved issues omitted for brevity]

    Last modified on Sep 4, 2025 Was this helpful? Yes No Provide feedback about this article Powered by Confluence and Scroll Viewport.

  • Aug 7, 2025
    • Parsed from source:
      Aug 7, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Confluence by Atlassian

    Confluence 10.0.2

    Original source

    Confluence 10.0.2 is a bug-fix release focused on stability. It fixes issues like disabling UPM app signature checks and a calendar permissions bug that blocked some users from creating or managing calendars and events. The notes also point users to the 10.0 release highlights and remind to review upgrade notes and back up before upgrading.

    Confluence 10.0.2 (Bug-fix release)

    The Atlassian Confluence team is pleased to announce the release of Confluence 10.0.2, which is a bug-fix release.

    Don't have Confluence 10.0 yet?

    Check out the new features and other highlights in the Confluence 10.0 release notes.

    Get the latest version.

    We recommend you read the Confluence 10.0 upgrade notes and you back up your confluence-home directory and database before upgrading.

    Issues resolved in 10.0.2 include:

    • CONFSERVER-100507: UPM app signature check cannot be disabled (Bug, Highest priority, Fixed)
    • CONFSERVER-100355: Specific users are not able to create/remove Calendars or add/remove Events in Team Calendars due to a value not being in the inclusive range of 0 to 10000 (Bug, Low priority, Fixed)

    Last modified on Aug 7, 2025.

  • Aug 5, 2025
    • Parsed from source:
      Aug 5, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Confluence by Atlassian

    Confluence 10.0

    Original source

    Confluence 10.0 delivers major security and platform upgrades (Spring/Jakarta, Tomcat 10.1), removes deprecated components and themes (AUI 10 elements, LESS, Trusted apps, Original theme), introduces a global serialization filter, default app signing, CSP adoption, enhanced Synchrony monitoring, OAuth 2.0 2LO scopes, and label display controls. Data Center only with upgrade guidance and resolved-<

    We're excited to present Confluence 10.0

    Highlights

    • Spring and Jakarta upgrade
    • Removal of deprecated components in AUI 10
    • End of support for LESS
    • Removal of Trusted apps
    • End of support for the Original theme
    • Global serialization filter
    • App signing is now enabled by default for app installations
      • Install apps from the Marketplace
      • Install custom apps
    • Enhanced security with Content Security Policy
    • Basic authentication disabled by default
    • Monitoring and observability of the Synchrony process
    • Add scopes to REST endpoints to use OAuth 2.0 2LO
    • Control how many labels display in macros

    This Confluence release supports only Data Center licenses. If you have a Server license, check out your options for upgrading.

    More

    Read the upgrade notes for important info about this release and see the full list of issues resolved.

    Thanks for your feedback More than 306 votes satisfied!

    Spring and Jakarta upgrade

    For: ADMINS

    To maintain high security standards and keep dependencies supported and up to date, we’re upgrading Spring to the 6.x line, Jakarta to EE Platform 10, Apache Tomcat to 10.1 as well as other libraries that depend on Spring and Jakarta. The Apache Tomcat upgrade also introduces changes under the Jakarta Servlet specification. If you rely on custom server settings or connectors, review the following before upgrading:

    • Check custom server.xml configurations, especially any references to "javax.servlet" APIs. Tomcat 10.1 has migrated to the "jakarta.servlet" namespace.
    • Verify that any connectors (HTTP, AJP, etc.) are still supported and properly configured in Tomcat 10.1.
    • Confirm that any security or TLS/SSL settings are compatible with Tomcat 10.1’s default cryptographic protocols. For detailed information on the changes introduced in Tomcat 10.1, consult the official Apache Tomcat documentation.
    Removal of deprecated components in AUI 10

    For: ADMINS

    We’re removing some outdated AUI 10 components with design and accessibility issues (Dropdown 1 and Toolbar 1) and updating internal dependencies to better support jQuery 3 and proactively address security issues.

    End of support for LESS

    For: ADMINS

    To enhance security and performance, we’re removing the ability to transform LESS to CSS at runtime and requiring it to be transpiled into CSS at compile time.

    Removal of Trusted apps

    For: ADMINS

    Trusted apps won't be available starting from Confluence 10.0. We’re removing Trusted apps to reduce the number of insecure entry points into the products. We’ve replaced this way of exchanging information between Atlassian products with more secure solutions that follow industry best practices, like the OAuth 2.0 protocol.

    End of support for the Original theme

    For: ADMINS

    With the new light and dark themes that brought accessibility and usability improvements, we’re removing the original theme from all products.

    Global serialization filter

    For: ADMINS

    We’re implementing a global serialization filter that relies on a central blocklist for Java deserialization, Velocity, Struts, and XStream. This filter is designed to block specific classes and patterns that are recognized as vulnerable to Remote Code Execution (RCE) through publicly known gadget chains. We’ve implemented several important changes regarding the use of XStream:

    1. XStream now includes a predefined blocklist of known vulnerable classes that are prohibited from being serialized or deserialized.
    2. If there is a need to serialize or deserialize custom class types, apps must define these types in their module descriptor. For example:
    java.util.Map 3. The option to allow types through regular expressions has been removed. App signing is now enabled by default for app installations

    For: ADMINS

    In this release, app signing is enabled by default. This feature improves app security and was gradually rolled out across Data Center products. For details, check out this community post. App signing affects only new app installations; already installed apps will remain intact. The steps you need to take differ depending on whether you install applications from the Marketplace or build your custom applications.

      1. Configure the location of the truststore folder as described in Configuring UPM app signature check.
      1. Download and install the Atlassian Certificates bundle. For details, see Updating Atlassian Certificate Bundles.
      1. That’s it! Enjoy the safe app installations from the Marketplace.
    • Install custom apps
    • If you use custom application builds, you can sign and secure your apps:
      1. Configure the location of the truststore folder as described in Configuring UPM app signature check.
      1. Get the app signature and verification certificate as described in Generating app signature and verification certificate using OpenSSL.
      1. Put your new certificate in your trust store as described in Updating Atlassian Certificate Bundles.
      1. Install the signed application. You can also install the app via the file system without using the app signing feature. If you’re experiencing issues, check out App signing troubleshooting.
    Enhanced security with Content Security Policy

    For: ADMINS

    We're implementing Content Security Policy (CSP) in Confluence 10.0. This new feature enhances security by instructing your web browser on what content is allowed to run on the page, significantly reducing the risk of cross-site scripting (XSS) and other code injection attacks. By controlling which resources a document can load, CSP helps protect against data exfiltration and improves the overall stability and reliability of Confluence. In Confluence 10.0, the script-src CSP header is enabled in a report-only mode. This means that while the system logs any violations, it won't block resources, allowing us to monitor potential security issues without affecting your experience. Full enforcement of CSP will be introduced in Confluence 11.

    Basic authentication disabled by default

    For: ADMINS

    We’re disabling authentication with basic authentication by default. This is a first step towards the removal of basic authentication altogether as we develop and mature alternatives to support the remaining few use cases. This change impacts only fresh installs (new customers); existing or upgraded Confluence setups won’t be affected.

    Monitoring and observability of the Synchrony process

    For: ADMINS

    We're pleased to announce the launch of enhanced monitoring capabilities for the Synchrony component in Confluence. With this update, you can now monitor Synchrony processes more effectively, ensuring system reliability and quick problem resolution. This update will allow you to export core Java Virtual Machine (JVM) and Synchrony-specific metrics via JMX or statsD, facilitating better integration with your existing monitoring systems. Core JVM metrics include various performance indicators such as garbage collection, memory usage, and CPU utilization. These metrics provide insights into the overall health and performance of the JVM environment. Synchrony-specific metrics focus on the performance of the Synchrony process itself. They include message processing times, user activity, and error counts, helping you monitor and optimize the collaborative editing experience. For details on metrics, refer to Monitor and observe the Synchrony process. To configure monitoring, use system properties or environmental variables. If Synchrony is managed by Confluence, add these properties to the synchrony-args.properties file. For detailed configuration instructions, refer to Configuring Synchrony.

    Add scopes to REST endpoints to use OAuth 2.0 2LO

    For: ADMINS

    We’ve introduced @ScopesAllowed to improve security and control over REST endpoints. Add the @ScopesAllowed annotation to your endpoints to make them accessible using an OAuth 2.0 Client Credentials token (2LO). For example, this annotation requires that the access token has the WRITE scope before providing access to this endpoint. @POST @ScopesAllowed(requiredScope = "WRITE") public void createEntity(...) {} Supported scopes are documented here:

    • Confluence: OAuth 2.0 scopes for incoming links
    • Jira: OAuth 2.0 scopes for incoming links
    • Bitbucket: OAuth 2.0 scopes for incoming links
    • Bamboo: OAuth 2.0 scopes for incoming links
    • Crowd: Configuring an incoming link
    Control how many labels display in macros

    For: ADMINS END USERS

    You can set the number of labels shown in the Label List, Recently Used Labels, and Popular Labels macros using the Number of Labels to Display field. When searching for labels to display in a macro, Confluence processes up to 1,000,000 labels by default. Admins can change this limit by adding a system property to the configuration file. Raising the limit helps if your site has many labels and searches aren’t returning all results, but it may slow down performance. For detailed instructions and applicable macros, check Display Pages with Label Macros.

    Resolved issues

    For full details of bugs fixed and suggestions resolved, head to our public issues tracker on Jira.

    Issues resolved in 10.0.3 Released on 03 September 2025 5 issues

    Issues resolved in 10.0.2 Released on 07 August 2025 2 issues

    Issues resolved in 10.0.1 Released on 05 August 2025

    Get ready to upgrade

    Before you upgrade, check out the Confluence 10.0 upgrade notes for important changes in this release, then follow the usual upgrade instructions to upgrade your site. Been a while since your last upgrade? Check out our upgrade matrix for a bird's-eye view of the most important changes since Confluence 9.2 LTS. Don't forget to renew your software maintenance. The minimum supported version for this release is 7.12 LTS. If you’re upgrading from a lower version, first perform an interim upgrade to 7.19 LTS or higher, and then upgrade to 10.0. For details, refer to Upgrading Confluence.

    Credits

    Our wonderful customers... You play an important role in making Confluence better. Thanks to everyone who participated in interviews with us, made suggestions, voted, and reported bugs!

    Last modified on Sep 8, 2025

    Was this helpful? Yes No Provide feedback about this article

    Powered by Confluence and Scroll Viewport.

  • Aug 5, 2025
    • Parsed from source:
      Aug 5, 2025
    • Detected by Releasebot:
      Sep 29, 2025
    Atlassian logo

    Confluence by Atlassian

    Confluence 9.5.3

    Original source

    Confluence 9.5.3 is a bug‑fix release addressing a wide range of issues—from third‑party plugin loading, OOMs and high CPU, and authentication glitches, to XSS, CAPTCHA, theme and calendar quirks, export hangs, REST and admin/group problems, and more. Upgrade notes and backups advised.

    Confluence 9.5.3 Release Notes

    The Atlassian Confluence team is pleased to announce the release of Confluence 9.5.3, which is a bug-fix release.

    Don't have Confluence 9.5 yet?

    Check out the new features and other highlights in the Confluence 9.5 release notes.

    Get the latest version.

    We recommend you read the Confluence 9.5 upgrade notes and you back up your confluence-home directory and database before upgrading.

    Issues resolved in 9.5.3 include various bugs such as:
    • Some Third-Party Plugins Prevent UPM 6.1.16 Plugin List from Loading Due to Dependency Change
    • Confluence can encounter OOM issue intermittently due to Hibernate L2 cache i.e com.hazelcast.hibernate.local.LocalRegionCache
    • Confluence is throwing error about CSSErrorListener in the logs while a user is being mentioned on a page comment
    • Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance
    • Stored XSS in Confluence DC resolved Comments
    • KB articles asking for login to Confluence when JSM customer/user tries to view on Confluence
    • CAPTCHA Validation Always Fails in Confluence
    • Disabling theme.switcher reverts to Original theme with missing nav header colors
    • When performing a "Custom Export" in PDF or HTML the page tree keeps loading infinitely, especially with large spaces and complex page hierarchy
    • Analytics Direct‑URL Bypass Ignores Global Analytics Permissions in Confluence Data Center
    • Confluence OOM/High CPU usage issue due to Activity streams gadgets request from Jira
    • Changing the Event Color in Team Calendars won't affect the Event Icon if using Dark or Light Themes
    • The team calendar event text from Jira is the same as the background color, which becomes invisible if the event is marked as closed/done from Jira
    • Specific users are not able to create/remove Calendars or add/remove Events in Team Calendars due to a value not being in the inclusive range of 0 to 10000
    • The Labelled Content page for a label tied to attachments are not rendered after a cache flush/system restart
    • Popular Labels macro resulted in 500 Internal Server Error on REST API request for Page Body
    • Users are unable to be granted system administrator privileges via a nested group or AD group
    • Thread stuck indefinitely while connecting to IMAPS mail account
    • Hovering over the different Event Types in Team Calendars does not show the "..." (more) menu
    • Link to "Turn Off Reminder" in Team Calendar mail notifications redirects to "Method Not Allowed" error page

    Last modified on Aug 5, 2025.