Here are some important notes on upgrading to Confluence 9.0. For details of the new features and improvements in this release, see the Confluence 9.0 release notes.

Upgrade notes

MS SQL Server JDBC Driver Upgrade in Confluence 9.0.3

The JDBC driver for MS SQL Server has been upgraded from version 7.4 to 12.6. If you are using SQL Server via JDBC and your database isn't configured for SSL connections, you must explicitly disable encryption in Confluence's connection URL string. With the updated driver, encryption is enabled by default. To disable it, append ;encrypt=false to the existing connection string. We recommend making this update before upgrading to avoid any downtime.

Check out how to locate the connection string

Front-end dependencies SBOM file included in the distribution ADMINS

Previously introduced in Confluence 8.9, the SBOM file now supports both front-end and back-end dependencies starting with Confluence 9.0.3. The SBOM provides detailed information on software components, dependencies, and licenses used in the build process. This improvement ensures that the Confluence Data Center complies with the Secure Software Development Framework.

To locate the SBOM, go to the sbom/ folder in the Confluence installation directory. This folder contains the following three files:

• atlassian-confluence-9.0.3-sbom.cdx.json

• atlassian-confluence-9.0.3-sbom.csv

• atlassian-confluence-9.0.3-sbom.spdx

Dark theme

We’re excited to bring dark theme to you in Confluence 9.0! 

You may notice the following limitations, which we’re currently working on:

• Confluence supports custom color schemes only for light and original themes. In dark theme, custom color schemes are not displayed.

• The customizable site logo is the same for both light and dark themes.

You may also need to consider the following:

• If you’re using a custom Confluence theme, you may need to contact your Marketplace theme provider to request they make their theme compatible with dark theme.

• As previously announced, all colors in the editor are converted to match the editor color palettes for readability in both light and dark themes. That means you can no longer customize the editor's text color palette using the temporary workaround.

Discover more about Confluence dark theme.

Removal of gadgets

Gadgets were first introduced in Confluence 3.1, and the technology behind them has become outdated. Instead, we've developed better methods for displaying dynamic information, such as macros and other integrations. For vendors who use gadgets in their plugins, transitioning to macros is necessary to maintain the same functionality in Confluence 9.0 and beyond.

After upgrading, Confluence pages with embedded gadgets will show an Unknown macro placeholder instead of the removed gadgets. For replacements, check the list of Data Center product gadgets and their equivalent macros.

Screenshot: Unknown macro placeholder

Currently, we’re considering the development of replacements for unavailable Jira macros in future releases.

OpenSearch support

Confluence now supports OpenSearch as an alternative search platform. At this point, OpenSearch is not Confluence’s default search platform, but you can expect the following benefits if you switch to it:

• Better performance - Faster search results put the information users need at their fingertips.

• Scale with confidence - As your organization grows in size and scale, take advantage of OpenSearch’s horizontal scaling capabilities and let Confluence grow with you.

• Reduced overhead - Simplified index management lowers overall Confluence resource consumption.

• High availability - Search without interruption on clustered OpenSearch instances during reindexing.

Before you’re ready to start using OpenSearch, you need to set up and configure it first. Visit the OpenSearch configuration guide to understand how to get started.

New default HTTP security headers

Starting from Confluence 9.0, all requests served by the system will automatically include new default HTTP security headers. These headers enhance security connectivity through the browser, providing protection against XSS and clickjacking attacks.

The following security headers will be applied:

X-XSS-Protection: 1; mode=block 
X-Content-Type-Options: nosniff 
X-Frame-Options: SAMEORIGIN 
Content-Security-Policy: frame-ancestors 'self' applinks.domain 
Strict-Transport-Security: max-age=31536000

Admins can customize security headers globally using the following system properties:

• http.header.security.disabled

• http.header.security.hsts.max.age

• http.header.security.hsts.preload.enabled

• http.header.security.hsts.include.subdomains

• confluence.clickjacking.protection.disable

• http.header.security.content.security.policy.disabled

• http.header.security.content.security.policy.value

Removal of the legacy backup and restore system

As previously announced, we’ve removed the legacy backup and restore system as part of Confluence 9.0. This means that scheduled backups, which used our legacy system, are no longer available. Scheduled XML backups were disabled by default in Confluence Data Center.

We don't recommend relying on XML backups as a main backup method. Instead, we recommend regularly backing up the database, installation directory, and home directories. Check out Production Backup Strategy for recommended methods.

For backups of test sites, or in addition to database and directory backups, we recommend using the upgraded backup and restore system’s documented API that makes managing these tasks easier and also allows for the automation of heavy or large site merges and space migrations.

Bug in application link between Confluence 9.0 and and other Data Center products

Creating new application links between incompatible versions of Confluence 9.0 and other Data Center products will not work as expected.

For more details, check out a workaround for the issue with application links.

Improved Code Block macro security

We've removed the Add New Language feature from the Code Block macro and all associated back-end APIs. This change improves the security and stability of our platform.

If custom languages have already been added to your system, we recommend that you manually uninstall them because they will no longer work. 

If your system has no custom languages, there is nothing you need to do.

Note that this change was made in the recently released Confluence 8.9.4.

Explore more information about the Code Block macro.

REST API documentation upgrade

We’ve modernized the look and feel of our Confluence Data Center REST API documentation by migrating it to Swagger. In addition to the refreshed look and feel we’re getting from the Swagger API documentation framework, this migration will make our API docs easier for you to navigate, find examples, and copy snippets from.

Screenshot: Updated look and feel of Confluence Data Center REST API

New health check for improved backup security

The Atlassian Troubleshooting and Support app (ATST) has been upgraded to version 2.0.0 and equipped with a new check for Local Backup Security. This health check warns about any stored backups in Confluence’s file system, which may expose confidential data in the event of an attack.

The new health check will be available by default in Confluence Data Center 9.0.

Version 2.0.0 of the app is available only for Confluence versions 9.0 and beyond. If you’re using Confluence 8.9 or earlier, you can still use version 1.x.x, which you can install and upgrade through Atlassian Marketplace.

Manage your user license numbers before they max out

Keep track of your Confluence Data Center license seats with our new health check alert. It warns you as you approach your limit, giving you time to either upgrade your license or manage your user count. Additionally, you can customize this alert to notify you about a set number or percentage of available seats. By default, this is set to 10%. The new alert is enabled automatically, but you can disable it at any time.

For more details, explore how to set up a health check for Confluence license limit notifications.

Removal of JAACS setup via setup wizard in Confluence 9.0

To reduce technical debt and simplify the installation flow, we've removed the option to set up Jira as a Crowd Server (JAACS) from the setup wizard in Confluence 9.0. This change simplifies the setup process and prioritizes features most valued by our users.

Administrators looking to integrate user management between Confluence Data Center and Jira Software Data Center can now configure JAACS post-setup from the Administration menu by selecting General Configuration, and then User directories and Atlassian Jira.

Find out more details on how to connect Confluence to Jira applications for user management.

Trusted Application endpoint access restricted

Access to Trusted Application endpoints is now limited to system administrators. We recommend using OAuth for application links since the deprecation of Trusted Applications.

Explore our more detailed upgrade instructions for updating application links to use OAuth.

Editor upgrade

In Confluence 9.0, we’ve upgraded the editor from TinyMCE 6 to TinyMCE 7 as part of our regular maintenance effort for third-party components. This upgrade has been completed without any reported issues in the editor.

Advance notice: take a peek!

Two-step verification in Confluence

We’re working on improving the security of our login experience for Confluence by allowing customers to add a second authentication layer.

The new login process will support a built-in two-step verification (2SV) capability using time-based one-time password (TOTP) as a second factor.

We’re happy to announce that we’re launching an Early Access Program (EAP) to seek feedback for the prototype of this solution and invite you to take part in this. See the recent Atlassian developer changelog entry for updates, useful links, and videos.

Supported platforms changes

End of support for Java 11

As previously announced, Java 11 is no longer supported.

 You won’t be able to start Confluence 9.0 with Java 11. 

You must use either Java 17 or 21 runtime to start Confluence 9.0.

Support for Java 21

In Confluence 9.0, we have added support for Java 21. Java 17 is still bundled with Confluence, so you can continue using Java 17 for now, or switch to Java 21 manually.

Explore our guide about switching your Java version or vendor.

Support for PostgreSQL 16

We've added support for PostgreSQL 16.

End of support announcements

Advance Notice: End of support for databases

We will end support for the following databases in Confluence 9.1: 

• PostgreSQL 13
• Microsoft SQL Server 2017

Additionally, support will end for the following databases in Confluence 9.3: 

• MySQL 8.0
• PostgreSQL 14

For more information on these notices, see our End of Support Announcements for Confluence.

Infrastructure changes 

Head to Preparing for Confluence 9.0 to find out more about changes under the hood. 

Known issues

• There are a number of known issues when upgrading Confluence on specific database versions. See Confluence 7.11 upgrade notes if you are upgrading from Confluence 7.10 or earlier.
• If you are upgrading from Confluence 6.3 or earlier, there's a known issue where spaces do not appear in the space directory. You'll need to reindex your site after upgrading to fix this. 
• If you use Apache to limit who can access the admin console, you should update your configuration. See Using Apache to limit access to the Confluence administration interface for our suggested configuration.
• There is a known issue where read-only mode attempts to write to <shared-home>/confluence.cfg.xml , but the file doesn't exist in the shared home directory. This problem affects sites that have been previously upgraded from Confluence 6.0 or earlier. See Could not save access.mode into the shared confluence.cfg.xml file error after upgrading to Confluence Data Center 6.10
• There is a known issue where some fonts that Confluence relies on are not available in older Linux distributions. See Confluence UI shows garbled or corrupt text on CAPTCHA, macros, and/or diagrams due to missing fonts
• There is a known issue where Confluence 8.8.0 and 8.8.1, upon upgrade from earlier versions, will fail to render the login page for instances using custom layout decorators. The decorators could be using the resource './langmacro.vm' that is no longer included in Confluence 8.8 (and later). See After Upgrade , error encountered - ResourceNotFoundException: Unable to find resource '/langmacro.vm' for more information.

If you encounter a problem during the upgrade and can't solve it, please create a support ticket and one of our support engineers will help you.

Upgrade procedure

Always test the upgrade in a test environment before upgrading in production.

To upgrade Confluence to the latest version:

1. From the Administration menu , select Manage apps, and then Confluence update check to verify the compatibility of your user-installed apps with the target application version.

2. From the Administration menu , select General Configuration, and then Plan your upgrade and the version you want to upgrade to. This will run the pre-upgrade checks.
3.  From the Administration menu , select General Configuration, and then Troubleshooting and support tools to check your license validity, application server, database setup, and more.
4. If your version of Confluence is more than one version behind, read the release notes and upgrade guides  for all releases between your version and the latest version.
5. Back up your installation directory, home directory, and database.
6. Download the latest version of Confluence.
7. Follow the instructions in the Upgrade Guide.

Update configuration files after upgrading

The contents of configuration files such as server.xml, web.xml , setenv.bat / setenv.sh, and confluence-init.properties change from time to time. 

When upgrading, we recommend manually reapplying any additions to these files (such as proxy configuration, datasource, JVM parameters) rather than simply overwriting the file with the file from your previous installation; otherwise you will miss out on any improvements we have made.