Preparing for Confluence 7.16
This documentation is intended for Confluence developers who want to ensure that their existing plugins and apps are compatible with Confluence 7.16.
Watch this page to find out when a new milestone is available and what’s changed. We will publish formal release notes once we release a beta.
Latest milestone
| 21 January 2022 | 7.16.0-rc1 | Download |
Issues with this milestone?
Hit the Feedback button on the Confluence EAP header or raise an issue to tell us about it.
On this page:
Planned changes
In this section we'll provide an overview of the changes we intend to make, so you can start thinking how it might impact your app. We'll indicate when a change has been implemented, and in which milestone.
Security uplift
Status: ONGOING
We're continuing to identify and upgrade core components and libraries to the newest versions. We will not break our official APIs. However, certain libraries, transitive dependencies, and behaviours might change.
WRM upgrade
Status: COMPLETE
In this release we are upgrading WRM (web-resource manager) from 4.1.8 to 5.4.11. Get an overview of the changes in the changelog.
We don't expect this upgrade to have any impact on your apps, as there are no breaking changes to the API. However, there are some implementation changes that may have an impact.
Changes in Java
Several implementation details in the atlassian-plugins-webresource module have changed. If your app depends upon this module directly, you may be impacted by these changes. Consult the version 5 upgrade guide for a list of these changes.
Changes in JavaScript
The WRM.require function previously returned a jQuery.Deferred object. In WRM 5, it returns a native Promise.
If you are using the return value of WRM.require:
var thenable = WRM.require('a-resurce-or-context-name')there will be some subtle differences in the behaviour of the returned object. These are covered in the version 5 upgrade guide.
If you're using:
WRM.require('a-resource-or-context-name')or
WRM.require('a-resource-or-context-name', function callMeWhenEverythingLoads() { ... })everything will continue to work as it did previously.
Changes to basic authentication
Status: COMPLETE
We plan to provide admins the ability to disable basic authentication, and will be recommending any integrations use personal access tokens instead. Learn more about disabling basic authentication . You can start testing now by manually upgrading the SSO for Atlassian Server and Data Center to 4.2.0.
Change to page and attachment history versioning
Status: COMPLETE
As part of our work to introduce retention rules for historical page and attachment versions, we have changed the way versions are numbered in the page history and attachment history.
Versions will not be renumbered when deleted by a user, or by the retention rules scheduled jobs. This may cause issues for apps that rely on the current behaviour where versions are reordered after deletion.
Blocked XStream classes
Status: COMPLETE
As part of our security uplift work, we now block certain XStream classes. This change will also be backported to 7.15.1, 7.13.5, and 7.4.16.
Package list
sun.reflect.**,
sun.tracing.**,
com.sun.corba.**Pattern list
.*\\.ws\\.client\\.sei\\..*,
.*\\$ProxyLazyValue,
com\\.sun\\.jndi\\..*Enumerat(?:ion|or),
.*\\$URLData,
.*\\.xsltc\\.trax\\.TemplatesImplHibernate upgrade
Status: ADVANCE NOTICE
We're working on upgrading Hibernate from 5.2 to 5.4. This includes breaking changes like removing deprecated features/interfaces.
Notable features that have been removed:
- Support for JDBC parameterised queries. Classes that implement
HibernateContentQueryFactoryshould be verified to assure that named parameters are used instead. RegionAccessStrategyand other access strategy interfaces have been replaced.
See Hibernate 5.2 to 5.4 upgrade contains breaking changes for more information.
We are now targeting our next platform release (8.0) for this work.
Removal of editor-v3
Status: ADVANCE NOTICE
When we upgraded our editor to TinyMCE v4 way back in Confluence 6.14, we introduced an unsupported dark feature that could be used to revert to the v3 editor (frontend.editor.v4 / frontend.editor.v4.disable). We plan to remove this dark feature flag in a future Confluence release, as they are no longer tested or reliable.
Once that happens, the editor-v3 WRM context will no longer be loaded. Any resources used only in this context can be removed completely. The editor and editor-v4 contexts are unchanged, and with this change, resources in editor-v4 can be safely moved to editor.
Implemented changes
In this section we'll provide details of changes we have implemented, organised by the milestone they are first available in. This will help you decide which milestone to use when testing.
Release candidate - 17 January 2022
7.16.0-rc1
In this release candidate:
- Block certain XStream classes
Beta 2 - 4 January 2022
7.16.0-beta2
The 7.16 beta will be available soon. In this beta release:
- Use retention rules to clean up historical data automatically
- Use multiple identity providers (IdPs) for single sign-on
- Block basic authentication
- Faster permissions checks for complex sites
- Exclude spaces from the data pipeline
Added support for Microsoft SQL Server 2019
See Confluence 7.16 beta release notes for full details of everything in this release.
(Beta 1 encountered some gremlins, so was not released)
EAP 4 - 13 December 2021
Milestone 7.16.0-m52
- Upgraded WRM to 5.4.11
- Upgraded SSO app to 4.2.7 which provides the ability to configure multiple IdPs and disable basic authentication.
EAP 3 - 7 December 2021
Milestone 7.16.0-m49
- No significant changes in this milestone
EAP 2 - 29 November 2021
Milestone 7.16.0-m39
- Upgraded Spring from 5.1.x to 5.3.x
- Upgraded Atlassian Plugins from 5.3.x to 5.7.x
EAP 1 – 22 November 2021
Milestone 7.16.0-m30
- Page and attachment versions are not renumbered when a version is deleted
- Set retention rules to automatically delete historical page and attachment versions, and purge deleted items from the trash.
Looking for updated documentation? Check out the Confluence EAP space for the latest docs.
Did you know we’ve got a new developer community? Head to community.developer.atlassian.com/ to check it out! We’ll be posting in the announcements category if when new EAP releases are available.