Confluence 8.5 Release Notes
22 August 2023We're excited to present Confluence 8.5.
Confluence 8.5.x is the last version that supports Server licenses. Learn what this means for you
Thanks for your feedback
More than 5,900 votes satisfied
since the last Long Term Support release.
Confluence Server and Data Center 8.5 is a Long Term Support release
This means we'll provide bug fix releases until 8.5 reaches end of life, to address critical security, stability, data integrity, and performance issues.
Long Term Support release roundup
It's been about 12 months since our last long-term support release, Confluence 7.19. In that time we've shipped a huge amount of Enterprise value, especially for Data Center. Check out these highlights:
Diagnostics and troubleshooting
Platform performance upgrades
For end users
All in all, we've resolved over 570 issues since 7.19.0. For an overview of all the changes, check out the Confluence 8.5 Long Term Support Release Change Log.
So what can you expect from Confluence 8.5? We've been focused on raising the already high bar we’ve set for quality, stability, and performance, and have tackled some particularly high-impact bugs to make sure Confluence 8.5 is the best it can be.
Performance benchmarking report
We’ve run comprehensive testing to compare our Long Term Support releases Confluence 7.19 and 8.5 to see how the new features affect Confluence, and to make sure we’re not introducing any performance regressions. Long Term Support releases are always a number of versions apart so changes in performance are much more visible than between smaller, feature releases.
Read the report to learn about the benefits of upgrading from 7.19.0.
Confluence 8.5.x is the last release to support Server licenses
Confluence 8.5 will be the last Confluence feature release available to download for Server, prior to the Server end of support date on Feb 15, 2024. All feature releases after Confluence 8.5 will only support our Data Center offering. As Confluence 8.5 is a Long Term Support release, it will continue to receive security and bug fixes until the end of support date on Feb 15, 2024.
Upgrading to a new Long Term Support release is a great time to check your site security. We've put together a list of things you might want to check as part of this upgrade, as our recommendations may have changed since you first installed Confluence.
- Subscribe to advisory alerts and keep technical contact details up to date
Receive security advisory alerts and other important technical updates.
Atlassian email and privacy preferences
- Run Confluence with a dedicated non-root user account
Limit that account to just the directories that Confluence needs to write to.
Learn how to create a dedicated user account
- Limit the accounts that can access Confluence directories
Ensure only selected user accounts can read and write to Confluence directories, including custom directories where you might store attachments, backups, or data pipeline exports.
Learn how to allow the account to write to particular directories
- Limit hosts which can mount network file systems
Limit the hosts that can mount NFS file systems to just the Confluence host (such as in the /etc/exports file in Linux). Refer to your operating system documentation to find out how to do this.
- Limit database access
Limit database access to just the Confluence host (using iptables or built in database security tools). Refer to your database documentation to find out how to do this.
- Use secure administrator sessions
Require admins to re-enter their password to access admin functions, and set a short timeout for the administrator session.
Learn how to turn on secure administrator sessions
- Use the allowlist
Limit incoming and outgoing connections to avoid Server-Side Request Forgery (SSRF) attacks.
Learn how to turn on the allowlist
- Use personal access tokens for integrations
Provide a more secure way to authenticate API requests than basic authentication (username and password)
Learn how to manage personal access tokens
- Review confluence-administrators group membership
Members of this 'super group' can access all admin functions and access all content, including restricted pages. Consider limiting the members of this group and instead create a new group with system administrator global permissions.
Learn about the confluence-administrators super group
- Review administrator account practices
Avoid shared admin accounts, and easily guessed usernames like 'admin' or 'jdoe'. Consider providing administrators with two accounts, allowing them to use different accounts for day-to-day Confluence use and administrator tasks.
- Monitor the access log
Access logs can help you identify unusual activity. Logs are written to the install directory, and you may want to monitor these logs using your preferred monitoring tool.
Learn about access logging
- Use rate limiting to block all requests from anonymous users DATA CENTER
Block REST API requests from anonymous users if you don't have a reason to allow them, or limit the number of requests to reduce the risk of DoS attacks
Learn how to use rate limiting to block requests
- Review audit log settings DATA CENTER
The audit log capabilities may have changed significantly since your last upgrade. Check which events you can monitor.
Learn which events you can write to the audit log
- Consider single-sign on DATA CENTER
There are a number of options for integrating Confluence with your identity provider for SSO.
Learn about the various SSO options available
For full details of bugs fixed and suggestions resolved, head to Jira.
Released on 06 September 2023
Released on 22 August 2023
Get ready to upgrade
Our wonderful customers...
You play an important role in making Confluence better. Thanks to everyone who participated in interviews with us, made suggestions, voted, and reported bugs!