Bamboo 11.0 release notes

Bamboo release notes

On this page

In this section

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

April 2024

We’re proud to present Bamboo 11.0.

Take some time and read through the release notes to learn what we've prepared for you this time. If you plan to upgrade, swing by the Bamboo 11.0 upgrade notes to check for any breaking change and don’t forget to check out the full list of resolved issues.

Get the latest version

Read the documentation

Highlights

Bamboo 11.0.0

Release date:  

Here's what's new in Bamboo 11.0.0.

Freemarker and Velocity templates allowlist security improvements

We're taking steps to secure installation directories for all Data Center products. These changes increase the difficulty for an attacker to exploit filesystem access and allow customers to verify the state of the product installation.

From Bamboo 11.0, all Velocity files stored on the filesystem (for example, shared, local home, or any other) will need to be explicitly allowlisted and must be of a specific file type. Files stored inside .jar files and bundled within plugins will not be affected.

In addition, all method invocations within Freemarker or Velocity templates must be explicitly allowlisted. For more information, visit Configuring the Velocity method allowlist and Configuring the Velocity file and file type allowlist. For Freemarker, visit Configuring the Freemarker method allowlist.

Migration to Apache Struts 6

We’ve upgraded to Struts 6. Make sure you’re aware of the following changes:

  • Annotate getters with @StrutsParameter(depth=X) (dependency on struts-corelib)

  • Annotate setters with @StrutsParameter (dependency on struts-corelib)

  • The action method previously named doSomething must now be fully informed. Previously, the do prefix could be suppressed.

  • The method previously named getBamboo() has been renamed to getBambooContainer() to avoid warnings from Struts when .bamboo. is used in our templates.

  • OGNL Allowlist.

You can find extensive documentation on how to apply these changes at https://developer.atlassian.com/server/confluence/struts-module/

Your deployment projects and environments are cached now

Bamboo 11 introduces application-level caching for deployment projects and environments to elevate your daily experience. This can be especially beneficial if you utilize them heavily or have many of them. Bamboo speeds up display times and optimizes resource usage by serving cached objects for user interface and background processing. We recommend that you keep this enabled, though you can disable it via the system property bamboo.deployment.cache.enabled.

Automatic offline agents management

As an admin, you can now configure policies for the automatic removal of offline agents. This feature helps free up agent names and keeps your instance data tidy and clean. Enabling this will enhance your agents' processing performance.

Secure app installations with app signing

To improve app security, we’re introducing a new feature that will restrict app installations to only those that are signed. This will help us to:

  • ensure that apps are either from Atlassian Marketplace or manually uploaded by trusted partners

  • prevent malicious actors from uploading harmful apps

App signing affects only new app installations, already installed apps will remain intact.

This feature will be gradually rolled out across Data Center products by mid-2025. For details, check out this community post.

In this release, app signing is disabled by default. The grace period will last until the next feature release of Universal Plugin Manager (UPM), after which app signing will be enabled by default.

Use the grace period to adapt your processes. The steps you need to take differ depending on whether you install applications from the Marketplace or build your custom applications.

Enable app signing and install from Marketplace

During the grace period, you can enable app signing at your convenience. To do so:

  1. Enable app signing. For details, see Configuring UPM app signature check.

  2. Download and install Certificate Authority (CA) from Atlassian. For details, see Updating Atlassian Certificate Bundles.

  3. That’s it! Enjoy the safe app installations from Marketplace.

Install custom apps

If you use custom application builds, you can sign and secure your apps:

  1. Enable app signing. For details, see Configuring UPM app signature check.

  2. Get the app signature and verification certificate as described in Generating app signature and verification certificate using OpenSSL.

  3. Put your new certificate in your Trust store as described in Updating Atlassian Certificate Bundles.

  4. Install the signed application.

You can also install the app via the file system without using the app signing feature.

If you’re experiencing issues, check out app signing troubleshooting.

Updates to supported platforms

See what changes are in store for the supported platforms in Bamboo. For more information about what the latest stable release of Bamboo supports, see Supported platforms.

End of support announcements

In this release, we’re removing support for:

(warning) PostgreSQL 14

In this release, we’re deprecating support for:

(warning) PostgreSQL 15

(warning) SQL Server 2017

(warning) MySQL 8.0

(warning) Java 17

We are actively working on adding support for MySQL 8.4

New supported platforms

Bamboo 11.0 doesn’t introduce support for any new software platforms.

Resolved issues

Scroll through the list of the issues we’ve resolved throughout the lifecycle of Bamboo 11.0.

Issues resolved in Bamboo 11.0.1
Released on  

T Key Summary Status
Refresh

Issues resolved in Bamboo 11.0.0
Released on  

T Key Summary Status
Refresh






Last modified on May 8, 2025

Was this helpful?

Yes
No
Provide feedback about this article

In this section

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.