This documentation is intended for Confluence developers who want to ensure that their existing plugins and apps are compatible with Confluence 7.16.

Watch this page to find out when a new milestone is available and what’s changed. We will publish formal release notes once we release a beta.

Latest milestone

Issues with this milestone?

Hit the Feedback button on the Confluence EAP header or raise an issue to tell us about it.

Planned changes

In this section we'll provide an overview of the changes we intend to make, so you can start thinking how it might impact your app. We'll indicate when a change has been implemented, and in which milestone. 

Security uplift

Status: ONGOING

We're continuing to identify and upgrade core components and libraries to the newest versions. We will not break our official APIs. However, certain libraries, transitive dependencies, and behaviours might change.

WRM upgrade

Status: COMPLETE 

In this release we are upgrading WRM (web-resource manager) from 4.1.8 to 5.4.11.  Get an overview of the changes in the changelog. 

We don't expect this upgrade to have any impact on your apps, as there are no breaking changes to the API. However, there are some implementation changes that may have an impact.

Changes in Java

Several implementation details in the atlassian-plugins-webresource module have changed. If your app depends upon this module directly, you may be impacted by these changes. Consult the version 5 upgrade guide for a list of these changes.

Changes in JavaScript

The WRM.require function previously returned a jQuery.Deferred object. In WRM 5, it returns a native Promise.

If you are using the return value of WRM.require:

var thenable = WRM.require('a-resurce-or-context-name')

there will be some subtle differences in the behaviour of the returned object. These are covered in the version 5 upgrade guide.

If you're using: 

WRM.require('a-resource-or-context-name')

or

WRM.require('a-resource-or-context-name', function callMeWhenEverythingLoads() { ... })

everything will continue to work as it did previously.

Changes to basic authentication

Status: COMPLETE

We plan to provide admins the ability to disable basic authentication, and will be recommending any integrations use personal access tokens instead. Learn more about disabling basic authentication . You can start testing now by manually upgrading the SSO for Atlassian Server and Data Center to 4.2.0. 

Change to page and attachment history versioning

Status: COMPLETE

As part of our work to introduce retention rules for historical page and attachment versions, we have changed the way versions are numbered in the page history and attachment history.

Versions will not be renumbered when deleted by a user, or by the retention rules scheduled jobs. This may cause issues for apps that rely on the current behaviour where versions are reordered after deletion.  

Blocked XStream classes

Status: COMPLETE

As part of our security uplift work, we now block certain XStream classes. This change will also be backported to 7.15.1, 7.13.5, and 7.4.16. 

Package list

sun.reflect.**, 
sun.tracing.**, 
com.sun.corba.**

Pattern list

.*\\.ws\\.client\\.sei\\..*, 
.*\\$ProxyLazyValue, 
com\\.sun\\.jndi\\..*Enumerat(?:ion|or), 
.*\\$URLData, 
.*\\.xsltc\\.trax\\.TemplatesImpl

Hibernate upgrade

Status: ADVANCE NOTICE

We're working on upgrading Hibernate from 5.2 to 5.4. This includes breaking changes like removing deprecated features/interfaces.

Notable features that have been removed:

• Support for JDBC parameterised queries. Classes that implement  HibernateContentQueryFactory  should be verified to assure that named parameters are used instead.
  
• RegionAccessStrategy  and other access strategy interfaces have been replaced.

See Hibernate 5.2 to 5.4 upgrade contains breaking changes for more information. 

We are now targeting our next platform release (8.0) for this work. 

Removal of editor-v3 

Status: ADVANCE NOTICE

When we upgraded our editor to TinyMCE v4 way back in Confluence 6.14, we introduced an unsupported dark feature that could be used to revert to the v3 editor (frontend.editor.v4 / frontend.editor.v4.disable). We plan to remove this dark feature flag in a future Confluence release, as they are no longer tested or reliable.

Once that happens, the editor-v3 WRM context will no longer be loaded. Any resources used only in this context can be removed completely. The editor and editor-v4 contexts are unchanged, and with this change, resources in editor-v4 can be safely moved to editor.

Implemented changes

In this section we'll provide details of changes we have implemented, organised by the milestone they are first available in. This will help you decide which milestone to use when testing.

Release candidate - 17 January 2022

7.16.0-rc1

In this release candidate:

• Block certain XStream classes

Beta 2 - 4 January 2022

7.16.0-beta2

The 7.16 beta will be available soon. In this beta release:

• Use retention rules to clean up historical data automatically
• Use multiple identity providers (IdPs) for single sign-on
• Block basic authentication
• Faster permissions checks for complex sites
• Exclude spaces from the data pipeline

• Added support for Microsoft SQL Server 2019  

See Confluence 7.16 beta release notes for full details of everything in this release.

(Beta 1 encountered some gremlins, so was not released)

EAP 4 - 13 December 2021

Milestone 7.16.0-m52

• Upgraded WRM to 5.4.11
• Upgraded SSO app to 4.2.7 which provides the ability to configure multiple IdPs and disable basic authentication. 

EAP 3 - 7 December 2021

Milestone 7.16.0-m49

• No significant changes in this milestone

EAP 2 - 29 November 2021

Milestone 7.16.0-m39

• Upgraded Spring from 5.1.x to 5.3.x
• Upgraded Atlassian Plugins from 5.3.x to 5.7.x

EAP 1 – 22 November 2021

Milestone 7.16.0-m30

• Page and attachment versions are not renumbered when a version is deleted
• Set retention rules to automatically delete historical page and attachment versions, and purge deleted items from the trash.