Confluence Support

28 July 2022

We're excited to present Confluence 7.19.

Highlights

Long Term Support release roundup
Security check-up
Resolved issues
Get ready to upgrade

Get the latest version

.

More

Read the upgrade notes for important info about this release and see the full list of issues resolved.

Thanks for your feedback

More than 3770 votes satisfied
since the last Long Term Support release.

Confluence Server and Data Center 7.19 is a Long Term Support release
This means we'll provide bug fix releases until 7.19 reaches end of life, to address critical security, stability, data integrity, and performance issues.

Ready to upgrade? Check the 7.19 LTS change log for a roll-up of changes.

Long Term Support release roundup

It's been just under 12 months since our last Long Term Support release, Confluence 7.13. In that time we've shipped a huge amount of value, especially for Data Center:

Greater security for integrations with OAuth 2.0
Encryption of your database password
Use of multiple identity providers for SSO
New application metrics to keep your site running like clockwork
Faster permission checks for large, complex sites
Upgrade to the next Confluence without downtime
Clean up historical data and clear trash automatically with retention rules
Updated VPAT documents for accessibility improvements
More support for databases including PSQL and MSQL
Install Confluence Data Center on Kubernetes

All in all we've resolved over 240 issues since 7.13.0 For an overview of all the changes, check out the Confluence 7.19 Long Term Support Release Change Log.

So what can you expect from Confluence 7.19? We've been focused on raising the already high bar we’ve set for quality, stability, and performance, and have tackled some particularly high impact bugs to make sure Confluence 7.19 is the best it can be.

Security check-up

Upgrading to a new Long Term Support release is a great time to check your site security. We've put together a list of things you might want to check as part of this upgrade, as our recommendations may have changed since you first installed Confluence.

Subscribe to advisory alerts and keep technical contact details up to date
Receive security advisory alerts and other important technical updates.
Atlassian email and privacy preferences
Run Confluence with a dedicated non-root user account
Limit that account to just the directories that Confluence needs to write to.
Learn how to create a dedicated user account
Limit the accounts that can access Confluence directories
Ensure only selected user accounts can read and write to Confluence directories, including custom directories where you might store attachments, backups, or data pipeline exports.
Learn how to allow the account to write to particular directories
Limit hosts which can mount network file systems
Limit the hosts that can mount NFS file systems to just the Confluence host (such as in the /etc/exports file in Linux). Refer to your operating system documentation to find out how to do this.
Limit database access
Limit database access to just the Confluence host (using iptables or built in database security tools). Refer to your database documentation to find out how to do this.
Use secure administrator sessions
Require admins to re-enter their password to access admin functions, and set a short timeout for the administrator session.
Learn how to turn on secure administrator sessions
Use the allowlist
Limit incoming and outgoing connections to avoid Server-Side Request Forgery (SSRF) attacks.
Learn how to turn on the allowlist
Use personal access tokens for integrations
Provide a more secure way to authenticate API requests than basic authentication (username and password)
Learn how to manage personal access tokens
Review confluence-administrators group membership
Members of this 'super group' can access all admin functions and access all content, including restricted pages. Consider limiting the members of this group and instead create a new group with system administrator global permissions.
Learn about the confluence-administrators super group
Review administrator account practices
Avoid shared admin accounts, and easily guessed usernames like 'admin' or 'jdoe'. Consider providing administrators with two accounts, allowing them to use different accounts for day-to-day Confluence use and administrator tasks.
Monitor the access log
Access logs can help you identify unusual activity. Logs are written to the install directory, and you may want to monitor these logs using your preferred monitoring tool.
Learn about access logging
Use rate limiting to block all requests from anonymous users DATA CENTER
Block REST API requests from anonymous users if you don't have a reason to allow them, or limit the number of requests to reduce the risk of DoS attacks
Learn how to use rate limiting to block requests
Review audit log settings DATA CENTER
The audit log capabilities may have changed significantly since your last upgrade. Check which events you can monitor.
Learn which events you can write to the audit log
Consider single-sign on DATA CENTER
There are a number of options for integrating Confluence with your identity provider for SSO.
Learn about the various SSO options available

Resolved issues

For full details of bugs fixed and suggestions resolved, head to Jira.

Get ready to upgrade

Before you upgrade, check out the Upgrade Notes for important changes in this release, then follow the usual upgrade instructions to upgrade your site.

Credits

Our wonderful customers...

You play an important role in making Confluence better. Thanks to everyone who participated in interviews with us, made suggestions, voted, and reported bugs!

Page

Viewport

Confluence

Versions

Confluence 7.19 Release Notes

Confluence Release Notes

On this page

In this section

Related content

Still need help?