Preparing for Confluence 7.18

Confluence Development Releases

On this page

In this section

Still need help?

The Atlassian Community is here for you.

Ask the community

This documentation is intended for Confluence developers who want to ensure that their existing plugins and apps are compatible with Confluence 7.18.

Watch this page to find out when a new milestone is available and what’s changed. We will publish formal release notes once we release a beta.

Latest milestone
23 May 2022


Issues with this milestone?

Hit the Feedback button on the Confluence EAP header or raise an issue to tell us about it.

On this page:

Planned changes

In this section we'll provide an overview of the changes we intend to make, so you can start thinking how it might impact your app. We'll indicate when a change has been implemented, and in which milestone. 

Security uplift


We're continuing to identify and upgrade core components and libraries to the newest versions. We will not break our official APIs. However, certain libraries, transitive dependencies, and behaviours might change.

XStream upgrade


We have upgraded XStream to 1.4.19 in Confluence 7.18, but have not enabled the XStream allowlist at this time (we plan to do this in Confluence 8.0).  If your app uses the Confluence API to interact with XStream, there should be no impact. 

If you initialize your own XStream version, we recommend you either switch to the Confluence XStream API, or upgrade your XStream version. If you continue to use your own XStream, you'll need to mark the allowlist in that XStream instance. 

 See XStream 1.4 upgrade for more information. 

New content API


We have added a REST API endpoint, rest/content/scan. The new endpoint provides better performance than rest/content, and adds a cursor parameter, which can be used instead of offset for pagination. It can only be used to browse pages (not blogs), and doesn't support offset , title , or creationdate parameters.

We recommend using rest/content/scan for situations where you don't need to use offset, for example, if you have infinite scroll, or only need to fetch a small number of changes, as it provides better performance. Generally, offset should only be needed in cases where you need to click a page number in the UI. 

For usage examples, see Confluence REST API examples

Servlet XSRF protection


We've updated our developer documentation to cover how you can enable servlet XSRF (cross-site request forgery) protection in your app. When enabled, an XSRF token is generated by the server-side application and included in the subsequent HTTP request made by the client. 

See Enable XSRF protection in your app for more information. 

No direct access to Hibernate


In Confluence 8.0 we will remove direct access to Hibernate. This will allow us to upgrade Hibernate more frequently without breaking your app, or requiring you to do significant testing and rework when things change. 

See Hibernate sessions and transaction management guidelines for more information and a sample custom query. 

Check out our migration guide which will help you identify where you are using the Hibernate interface, and provide some recommended alternatives for common use cases. 

Removal of editor-v3 


When we upgraded our editor to TinyMCE v4 way back in Confluence 6.14, we introduced an unsupported dark feature that could be used to revert to the v3 editor (frontend.editor.v4 / frontend.editor.v4.disable). We plan to remove this dark feature flag in a future Confluence release, as they are no longer tested or reliable.

Once that happens, the editor-v3 WRM context will no longer be loaded. Any resources used only in this context can be removed completely. The editor and editor-v4 contexts are unchanged, and with this change, resources in editor-v4 can be safely moved to editor.

Quartz removal


Quartz scheduler will be removed in Confluence 8.0. This has been deprecated since Confluence 5.10

All usages of Quartz and corresponding plugin Job and Trigger modules should be migrated to use atlassian-scheduler  and  Job Config modules

Implemented changes

In this section we'll provide details of changes we have implemented, organized by the milestone they are first available in. This will help you decide which milestone to use when testing.

Release Candidate – 23 May 2022


  • No significant changes in this release candidate.

Beta 1 – 19 May 2022


  • No significant changes since the last milestone.

EAP 5 – 9 May 2022

Milestone 7.18.0-m68

  • Upgraded to XStream 1.4.19. See more details above, as this may impact your apps. 

EAP 4 – 2 May 2022

Milestone 7.18.0-m61

  • New rest/content/scan endpoint.

EAP 3 – 27 April 2022

Milestone 7.18.0-m57

  • No significant changes in this milestone.

EAP 2 – 19 April 2022

Milestone 7.18.0-m46

  • No significant changes in this milestone.

EAP 1 – 11 April 2022

Milestone 7.18.0-m40

  • Ability to select a node on the logging and profiling screen, and make changes for a specific cluster node. 
  • Fixed an issue where database privilege checks in Oracle databases do not respect Oracle roles.

Looking for updated documentation? Check out the Confluence EAP space for the latest docs.

Did you know we’ve got a new developer community? Head to to check it out! We’ll be posting in the announcements category if when new EAP releases are available.

Last modified on May 23, 2022

Was this helpful?

Provide feedback about this article

In this section

Powered by Confluence and Scroll Viewport.