Bitbucket Data Center 10.0 release notes
8 September 2025
The Bitbucket Data Center 10.0 platform release is now available for upgrade. With this release, you’re getting many features that will enhance your developer experience along with important security updates introduced with the upgrade to Atlassian Data Center Platform 8.
Highlights include:
- Bitbucket Data Center 10.0 is a platform release
- Refreshed Source view for a consistent experience
- The Look and Feel app is now integrated
- Basic auth is disabled by default for new instances
- OpenSearch is no longer bundled with Bitbucket
- Instance health checks are now available in Bitbucket
- Client Web Fragments removal
- Atlassian Data Center Platform 8
- App signing is now enabled by default for app installations
- Removal of deprecated components in AUI 10
- Spring and Jakarta upgrade
- Update to jQuery 3
- End of support for LESS
- Removal of Trusted apps
- End of support for the Original theme
- Global serialization filter
- Add scopes to REST endpoints to use OAuth 2.0 2LO
- Before you upgrade to 10.0
- Updates to supported platforms
- Security advisories
- Change log
Bitbucket Data Center 10.0 is a platform release
We’re excited to announce Bitbucket Data Center 10.0 – the newest platform release since July 2024. Platform releases drive compelling value as they allow us to include multiple breaking changes, which establish a foundation for continuous improvement and value in future Data Center releases.
Based on Bitbucket 9.0, the latest platform release, Bitbucket 10.0 includes loads of useful features for:
full-color accessibility mode
multiline comments and suggestions
new login experience with two-step verification
default reviewer groups for pull requests
secure app installations with app signing
security monitoring and alerts
enhanced security for database-stored secrets
As a platform release, Bitbucket 10.0 also includes an upgrade to Atlassian Data Center Platform 8. This new version of Data Center Platform is shared with other Data Center products, like Jira Software 11.0 and Confluence 10.0. Data Center Platform 8 upgrades several components under the hood to enhance security and ensure compliance with the latest industry standards.
Refreshed Source view for a consistent experience
For: END USERS ADMINS
We’ve updated the Source view to align with the rest of the application, using the latest Atlaskit and custom React components. This refresh brings a more modern and consistent look and feel, making navigation and code review smoother.
More about frontend changes to the Source view
The Look and Feel app is now integrated
For: ADMINS
The Look and Feel app is now integrated directly into Bitbucket Data Center. You can customize your Bitbucket instance’s appearance without installing a separate app. From the admin settings, you can update your colors, logos, and other branding elements to match your organization’s style.
Basic auth is disabled by default for new instances
For: ADMINS
To improve security, basic auth is now disabled by default for REST API calls in new instances. If you’re upgrading an existing instance, Basic Auth remains enabled to ensure your current integrations keep working after the upgrade. You can enable or disable Basic Auth for REST calls at any time in the Authentication methods settings.
How to disable basic authentication
OpenSearch is no longer bundled with Bitbucket
For: ADMINS
Starting with Bitbucket 10.0, OpenSearch is no longer bundled with Bitbucket. If you run a single-node Bitbucket installation that uses bundled search, you now need to set up and connect your own remote OpenSearch server.
Clustered systems were already required to use an external OpenSearch instance, so this change doesn't affect them.
Review migration steps for OpenSearch
Instance health checks are now available in Bitbucket
For: ADMINS
Bitbucket now includes the Instance Health feature that gives a real-time overview of your system’s health. Instance Health automatically checks for common issues and notifies you about potential problems so you can take action before they impact your team.
Bitbucket now includes several dedicated health checks, such as security vulnerabilities, application links client credentials expiry, and certificate expiry. You’ll find these checks in the Instance Health tab under Troubleshooting and support tools (ATST). Each check provides guidance and direct links to relevant documentation, making it easier to resolve issues quickly.
Read more about Instance Health checks
Client Web Fragments removal
For: ADMINS
We’ve removed Client Web Fragments and replaced most of them with Client Side Extensions (CSEs). If you want to extend the functionality of your apps on these pages, move to the React-based CSE framework.
Read more about Client Web Fragments removal
Upcoming Jira REST API changes
For: ADMINS
Jira search REST APIs will be deprecated in December 2027. New Jira API endpoints are now available, and you’ll need to update your integrations to ensure compatibility.
Bitbucket Data Center versions 10.0.0 and later, 8.19.22, and 9.4.10 already use the new Jira search endpoints.
Review the enhanced search API details and plan your updates to avoid disruptions.
Check the enhanced search API announcement
Atlassian Data Center Platform 8
Bitbucket 10.0 includes an upgrade to Atlassian Data Center Platform 8. This upgrade improves the quality of our response to security changes, reducing disruption and breaking changes for Atlassian Marketplace apps.
Prepare your app for the upgrade to Platform 8
As part of the upgrade to Platform 8 and with the focus on enhanced security and performance, we’ve made the following updates.
App signing is now enabled by default for app installations
For: ADMINS
In this release, app signing is enabled by default. This feature improves app security and was gradually rolled out across Data Center products. For details, check out this community post.
App signing affects only new app installations; already installed apps will remain intact.
The steps you need to take differ depending on whether you install applications from the Marketplace or build your custom applications.
Install apps from the Marketplace
To do so:
Configure the location of the
truststorefolder as described in Configuring UPM app signature check.Download and install the Atlassian Certificates bundle. For details, see Updating Atlassian Certificate Bundles.
That’s it! Enjoy the safe app installations from the Marketplace.
Install custom apps
If you use custom application builds, you can sign and secure your apps:
Configure the location of the
truststorefolder as described in Configuring UPM app signature check.Get the app signature and verification certificate as described in Generating app signature and verification certificate using OpenSSL.
Put your new certificate in your Trust store as described in Updating Atlassian Certificate Bundles.
Install the signed application.
You can also install the app via the file system without using the app signing feature.
If you’re experiencing issues, check out app signing troubleshooting.
Removal of deprecated components in AUI 10
For: ADMINS
We’re removing some outdated AUI 10 components with design and accessibility issues (Dropdown 1 and Toolbar 1) and updating internal dependencies to better support jQuery 3 and proactively address security issues.
Spring and Jakarta upgrade
For: ADMINS
To maintain high security standards and keep dependencies supported and up to date, we’re upgrading Spring to the 6.x line, Jakarta to EE Platform 10, Apache Tomcat to 10.1 as well as other libraries that depend on Spring and Jakarta.
The Apache Tomcat upgrade also introduces changes under the Jakarta Servlet specification. If you rely on custom server settings or connectors, review the following before upgrading:
Check custom server.xml configurations, especially any references to "javax.servlet" APIs. Tomcat 10.1 has migrated to the "jakarta.servlet" namespace.
Verify that any connectors (HTTP, AJP, etc.) are still supported and properly configured in Tomcat 10.1.
Confirm that any security or TLS/SSL settings are compatible with Tomcat 10.1’s default cryptographic protocols.
For detailed information on the changes introduced in Tomcat 10.1, consult the official Apache Tomcat documentation.
Update to jQuery 3
For: ADMINS
We’re upgrading to jQuery 3 to align on jQuery versions across all Data Center products. This means a significant jQuery version uplift for products containing older versions of jQuery.
End of support for LESS
For: ADMINS
To enhance the security and performance, we’re removing the ability to transform LESS to CSS at runtime, requiring LESS to be transpiled into CSS at compile time.
Removal of Trusted apps
For: ADMINS
We’re removing Trusted apps to reduce the number of insecure entry points into the products. We’ve replaced this way of exchanging information between Atlassian products with more secure solutions that follow industry best practices, like the OAuth 2.0 protocol.
End of support for the Original theme
For: ADMINS
With the new light and dark themes that brought accessibility and usability improvements, we’re removing the original theme from all products.
Global serialization filter
For: ADMINS
We’re implementing a global serialization filter that relies on a central blocklist for Java deserialization, Velocity, Struts, and XStream. This filter is designed to block specific classes and patterns that are recognized as vulnerable to Remote Code Execution (RCE) through publicly known gadget chains.
Add scopes to REST endpoints to use OAuth 2.0 2LO
For: ADMINS
We’ve introduced @ScopesAllowed to improve security and control over REST endpoints.
Add the @ScopesAllowed annotation to your endpoints to make them accessible using an OAuth 2.0 Client Credentials token (2LO).
For example, this annotation requires that the access token has the WRITE scope before providing access to this endpoint.
@POST
@ScopesAllowed(requiredScope = "WRITE")
public void createEntity(...) {}Supported scopes are documented here:
Confluence: OAuth 2.0 scopes for incoming links
Bitbucket: OAuth 2.0 scopes for incoming links
Crowd: Configuring an incoming link
Before you upgrade to 10.0
IMPORTANT Platform releases allow us to incorporate multiple significant changes (often called “breaking changes”) that aren't compatible with previous versions. These changes establish a strong foundation for more extensive development in future releases.
We recommend that you review your apps before upgrading to reduce the risk of disruption for your organization.
To check app compatibility, visit Checking app compatibility with application updates, or the Atlassian Marketplace to see if your app hosting is compatible with your product version.
Before upgrading from an earlier version, check out our upgrade guide and upgrade matrix. Remember to renew your active software maintenance license too.
Download and install the Oracle driver if you use it as your database
Starting from version 9.0, Bitbucket Data Center no longer includes the Oracle database driver.
If your Bitbucket instance connects to an Oracle database, manually download and install the Oracle thin driver before starting your upgrade. If you skip this step, Bitbucket won’t be able to connect to your Oracle database after the upgrade.
Download the latest supported Oracle JDBC driver (ojdbc8.jar) directly from Oracle.
To install the driver in your Bitbucket installation directory, follow the steps in our Connect Bitbucket to Oracle.
Upgrade your internal apps
Before you upgrade your Bitbucket instance to 10.0, make sure you’ve upgraded your internal apps. For more details, check the Bitbucket Data Center upgrade guide.
Updates to supported platforms
In Bitbucket 10.0, we're introducing the following updates to supported platforms:
We’re adding support for the following platforms:
PostgreSQL 17
Amazon Aurora PostgreSQL 17
We’re also removing support for:
Java 17
Git 2.34.x - 2.41.x (on the server)
PostgreSQL 13-15
Amazon Aurora PostgreSQL 13-15
Microsoft SQL Server 2017
Learn more from the end of support announcements
Security advisories
At Atlassian, we prioritize the security of our products and have implemented a vulnerability management program to identify and resolve any security issues as quickly and comprehensively as possible. To stay informed about the latest security vulnerabilities and their corresponding fixes, visit Security Advisories.
Change log
Resolved issues in Bitbucket Data Center 10.0.2
Released 11 November 2025
Resolved issues in Bitbucket Data Center 10.0.1
Released 14 October 2025
Resolved issues in Bitbucket Data Center 10.0
Released 08 September 2025