Cloud
Data Center 9.1
Versions

Preparing for Confluence 8.7

Confluence Development Releases

On this page

In this section

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

This documentation is intended for Confluence developers who want to ensure that their existing plugins and apps are compatible with Confluence 8.7

Watch this page to find out when a new milestone is available and what’s changed. We will publish formal release notes once we release a beta.

Latest milestones

28 November 2023

8.7.0-rc1

Download

Issues with this milestone?

Hit the Feedback button on the Confluence EAP header or raise an issue to tell us about it.

On this page:

Planned changes

In this section we'll provide an overview of the changes we intend to make, so you can start thinking how it might impact your app. We'll indicate when a change has been implemented, and in which milestone. 

Confluence 8.7 will only be available to Data Center customers. If you have a Server license, check out your options for upgrading.

Atlassian User Interface (AUI) 9.x upgrade

Status: DELAYED

We're working on upgrading AUI from 9.2.2 to a later 9.x version (to be confirmed). We're exploring the risks and changes this will have on your apps and will share any updates here as we go.

We last upgraded AUI from 8.3.5 to 9.2.0 in Confluence 7.12.

Unauthorized multipart requests won't be parsed unless explicitly allowed

Status: DONE

Updated – we've provided new instructions for adding multipart requests to the allowlist.

In previous Confluence versions, the multipart component of requests was parsed for access irrespective of the request's authorization state (excludes REST API endpoints and custom servlets).

From Confluence 8.7.0, multipart requests will only be parsed if the request is authorized per the logic in ConfluencePermissionEnforcer#enforceSiteAccess, that is:

  • Unauthenticated multipart requests will only be parsed if the site has enabled global anonymous access.
  • Authenticated multipart requests from license-unassigned users will only be parsed if the site has enabled unlicensed access.
  • Authenticated multipart requests from license-assigned users will always be parsed.

If you have endpoints that need to parse multipart requests outside the above access criteria, add them to an allowlist. To do this, add a multipart-upload-allowlist element within a Struts module descriptor:

<struts>
    <multipart-upload-allowlist key="my-multipart-allowlist">
        <regex>/admin/test\.action.*</regex>
        <regex>/other/test\.action.*</regex>
    </multipart-upload-allowlist>
</struts>

If your customers are still experiencing issues due to a potentially misconfigured app, they can also specify endpoints using the system property multipart.unauthorised.allowed.patterns which accepts a comma-delimited list of RegEx.

Embedded Crowd upgrade

Status: DONE

In this release we plan to upgrade embedded Crowd from 5.0.7 to 5.1.6. There are several performance and stability improvements. You also now have the option to set up a dynamic LDAP connection pool.

See all LDAP connection pool options

Support for Microsoft SQL Server 2022

Status: DONE

We plan to add support for MS SQL Server 2022 in this release. We'll let you know if we discover any issues that might be relevant to plugins.

Support for Pgpool-II

Status: DONE

We plan to add Pgpool-II support in this release. Pgpool-II is an open-source database solution based on PostgreSQL that'll provide a proxy between Confluence and a PostgreSQL database cluster. It enhances disaster recovery and will help our customers ensure the fulfillment of their business continuity planning. 

Learn how to set up Pgpool-II for Confluence 

Secret manager extends coverage to HashiCorp Vault

Status: DONE

We're ramping up our encryption options once again, so you have more autonomy when storing your secrets. In Confluence 8.6, we offered AWS Secrets Manager as a new encryption option for plaintext database storage. In Confluence 8.7, we'll introduce HashiCorp Vault. Using  V2 of the HashiCorp KV Secret Engine, we'll offer encryption options for HashiCorp tokens and Kubernetes Service Account Tokens.

Read how you can configure your Confluence instance

Sort table content in the editor

Status: DONE

You'll be able to sort table columns in the editor by selecting the sort icon in the table header. You'll also be able to save these changes by publishing the page.

In earlier versions of Confluence, table sorting is only available when viewing a page and is a temporary state.

Bulk deletion of attachments

Status: DELAYED

Previously if users wanted to delete attachments from a page or blog post, they’d have to do this one at a time. Now, they’re able to select up to 20 attachments to delete at once.

This feature is currently under the dark flag as we continue to run tests. You can use Confluence.bulk.delete.attachments to enable this feature. We plan to have this feature enabled by default when it ships.

OpenSearch opt-in

Status: ADVANCE NOTICE

We're making plans to provide an alternative to our search engine, Lucene, with OpenSearch to be included as an opt-in feature in a future Confluence release. This will provide more advanced indexing options leading to less processing requirements. While we work on this change, make sure you keep checking the OpenSearch upgrade guide for updates to ensure a smooth transition.

Removal of Gray APIs

Status: ADVANCE NOTICE

In Confluence 9.0, we plan to remove the ability for plugins to load many third-party libraries (also known as Gray APIs). This upgrade will allow us to improve Confluence more frequently without breaking your app or requiring you to do significant testing and rework when things change.

From Confluence 8.7 to 8.9, these third-party libraries as well as a few Atlassian-specific libraries will no longer be exposed as transitive Maven dependencies of the main confluence artefact. To compensate for this, plugins will need to explicitly declare those dependencies by bundling them.

Note that before Confluence 9.0, there will be no runtime changes affecting the availabilities of these libraries and binary compatibility will be maintained. The changes in Confluence 8.7 through to 8.9 are only built-time changes and will pave the way for runtime removals in Confluence 9.0.

To learn more about this change and get your apps ready, refer to the Gray API developer guide.

Implemented changes

In this section we'll provide details of changes we have implemented, organised by the milestone they are first available in. This will help you decide which milestone to use when testing.

RC – 28 November 2023

Milestone 8.7.0-rc1

Contains:

  • Minor bug fixes

Beta – 21 November 2023

Milestone 8.7.0-beta1

Contains:

  • Embedded crowd 5.1.6 upgrade
  • Additional Space trash data
  • Support for Pgpool-II
  • Support for MS SQL Server 2022
  • HashiCorp Vault
  • Bug fixes

EAP 2 – 13 November 2023

Milestone 8.7.0-m48

Contains:

  • Dark feature: Bulk-select attachments to delete or download
  • Updated: Changes to unauthorized multipart requests
  • Bug fixes

EAP 1 – 6 November 2023

Milestone 8.7.0-m41

Contains:

  • Changes to unauthorized multipart requests
  • Atlassian Companion upgrade
  • Table sorting in the editor
  • Bug fixes


Looking for updated documentation? Check out the Confluence EAP space for the latest docs.

Did you know we’ve got a new developer community? Head to community.developer.atlassian.com/ to check it out! We’ll be posting in the announcements category if when new EAP releases are available.

Last modified on Feb 29, 2024

Was this helpful?

Yes
No
Provide feedback about this article

In this section

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.