Confluence 7.13 Release Notes

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

17 August 2021
We're excited to present Confluence 7.13.

Highlights

   

 .  

More

Read the upgrade notes for important info about this release and see the full list of issues resolved


Thanks for your feedback

More than 3,000 votes satisfied
since the last Long Term Support release.

Confluence Server and Data Center 7.13 is a Long Term Support release
This means we'll provide bug fix releases until 7.13 reaches end of life, to address critical security, stability, data integrity, and performance issues. 

Ready to upgrade? Check the 7.13 LTS change log for a roll-up of changes since 7.4. 




Long Term Support release roundup

It's been more than 12 months since our last Long Term Support release, Confluence 7.4. In that time we've shipped a huge amount of value, especially for Data Center:

  • More audit log events, including logging end-user activity
  • Single sign-on with OpenID
  • Access logging enabled by default
  • Webhooks and personal access tokens for better integrations
  • Analytics for tracking page views, edits, and more.

All in all we've resolved over 260 issues since 7.4.0 For a bird's eye view of all the changes, check out the Confluence 7.13 Long Term Support Release Change Log

So what can you expect from Confluence 7.13?  We've been focused on raising the already high bar we’ve set for quality, stability, and performance, and have tackled some particularly high impact bugs to make sure Confluence 7.13 is the best it can be. 



Security check-up

Upgrading to a new Long Term Support release is a great time to check your site security. We've put together a list of things you might want to check as part of this upgrade, as our recommendations may have changed since you first installed Confluence. 

  • Subscribe to advisory alerts and keep technical contact details up to date
    Receive security advisory alerts and other important technical updates. 
    Atlassian email and privacy preferences 

  • Run Confluence with a dedicated non-root user account
    Limit that account to just the directories that Confluence needs to write to. 
    Learn how to create a dedicated user account
     
  • Limit the accounts that can access Confluence directories
    Ensure only selected user accounts can read and write to Confluence directories, including custom directories where you might store attachments, backups, or data pipeline exports.
    Learn how to allow the account to write to particular directories
     
  • Limit hosts which can mount network file systems
    Limit the hosts that can mount NFS file systems to just the Confluence host (such as in the /etc/exports file in Linux). Refer to your operating system documentation to find out how to do this.
     
  • Limit database access 
    Limit database access to just the Confluence host (using iptables or built in database security tools). Refer to your database documentation to find out how to do this.
     
  • Use secure administrator sessions
    Require admins to re-enter their password to access admin functions, and set a short timeout for the administrator session. 
    Learn how to turn on secure administrator sessions
     
  • Use the allowlist
    Limit incoming and outgoing connections to avoid Server-Side Request Forgery (SSRF) attacks.
    Learn how to turn on the allowlist

     
  • Use personal access tokens for integrations
    Provide a more secure way to authenticate API requests than basic authentication (username and password)
    Learn how to manage personal access tokens
     
  • Review confluence-administrators group membership
    Members of this 'super group' can access all admin functions and access all content, including restricted pages. Consider limiting the members of this group and instead create a new group with system administrator global permissions. 
    Learn about the confluence-administrators super group
     
  • Review administrator account practices
    Avoid shared admin accounts, and easily guessed usernames like 'admin' or 'jdoe'. Consider providing administrators with two accounts, allowing them to use different accounts for day-to-day Confluence use and administrator tasks. 
      
  • Monitor the access log  
    Access logs can help you identify unusual activity. Logs are written to the install directory, and you may want to monitor these logs using your preferred monitoring tool.  
    Learn about access logging
      
  • Use rate limiting to block all requests from anonymous users  DATA CENTER
    Block REST API requests from anonymous users if you don't have a reason to allow them, or limit the number of requests to reduce the risk of DoS attacks 
    Learn how to use rate limiting to block requests
       
  • Review audit log settings DATA CENTER
    The audit log capabilities may have changed significantly since your last upgrade. Check which events you can monitor. 
    Learn which events you can write to the audit log
     
  • Consider single-sign on DATA CENTER
    There are a number of options for integrating Confluence with your identity provider for SSO.
    Learn about the various SSO options available


Resolved issues

For full details of bugs fixed and suggestions resolved, head to Jira.


Get ready to upgrade

Before you upgrade, check out the Upgrade Notes for important changes in this release, then follow the usual upgrade instructions to upgrade your site.

Credits

Our wonderful customers...

You play an important role in making Confluence better. Thanks to everyone who participated in interviews with us, made suggestions, voted, and reported bugs!

Last modified on Mar 23, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.