Bamboo 12.0 release notes

November 2025

We’re excited to present Bamboo 12.0. This release introduces significant new features, platform upgrades, and important security improvements to help you build, test, and deploy with even greater confidence.

Take some time to read through the release notes and learn what we've prepared for you this time. If you plan to upgrade, swing by the Bamboo 12.0 upgrade notes to check for any breaking changes, and don’t forget to check out the full list of resolved issues.

Bamboo 12.0.0

Release date:

Here's what's new in Bamboo 12.0.0.

Major new features

Service accounts

A service account is a special type of Data Center account that isn’t tied to a person. Instead, it represents a service, integration, script, or app that needs to access Bamboo, Jira, Confluence, or other Data Center products. You can use service accounts to access REST APIs using OAuth 2.0 authentication in order to run scripts and automate tasks with precise permission control. Every action taken by a service account is logged, ensuring full visibility into its activities.

To create a service account:

  1. Navigate to Administration > Security, then select Service accounts from the sidebar.
  2. Select Create service account.
  3. Complete the setup by specifying the account’s details, selecting the appropriate scopes and resources, and generating OAuth 2.0 credentials.
  4. Carefully review the information and securely store your credentials.

Learn how to manage service accounts

Bamboo now supports OAuth 2.0 for application links (AppLinks), enabling secure, modern, and reliable connections between Bamboo, other Atlassian products, and external applications. OAuth 2.0 is the industry standard for authentication and authorization, offering improved security and easier management of integrations.

GitHub Apps integration

Secure, fine-grained API access for GitHub repositories is now available through GitHub Apps integration. With this approach, you can skip personal access tokens while getting the benefits of enhanced security with tightly scoped and managed permissions.

GitHub recommends using GitHub Apps as the preferred authentication method for integrations, making this the best practice for enterprise-level automation and compliance.

You can configure this setting directly from each GitHub repository’s configuration page in Bamboo, or define it programmatically using Bamboo Specs.

Read more about GitHub repository configuration

API token support for Bitbucket Cloud

Bitbucket Cloud repositories now support API token authentication alongside app passwords, providing a more flexible and secure way to integrate your tools and scripts. API tokens offer enhanced security and better access management, helping you protect your integrations against unauthorized access.

We strongly recommend upgrading to API tokens, as Bitbucket Cloud is deprecating app passwords in favor of this more secure authentication method.

Read more about this change in the blog 

You can use API tokens directly from each Bitbucket Cloud repository’s configuration page in Bamboo, or define them programmatically using Bamboo Specs.

Ephemeral agent concurrency limits 

You can now set a limit on the number of concurrent ephemeral agents. If the limit is reached, additional agent spawn requests are queued until a slot becomes available, improving resource management and predictability.

To test it, navigate to Administration > Ephemeral agents > Configuration, enable Agent limit, and set a value that meets your needs.

Non-rerunnable plans

Plans can now be marked as non-rerunnable, ensuring only fresh builds are allowed and giving you more control over your CI/CD workflows. This option is available in every plan’s details page, or can be configured programmatically using Bamboo Specs.

In-product diagnostics (IPD)

In-product diagnostics (IPD) is now built into Bamboo, bringing the same powerful monitoring and support capabilities already available in Jira, Confluence, and Bitbucket Data Center. IPD continuously collects key system metrics, performs basic monitoring, and provides proactive alerts about your Bamboo environment’s health.

Key benefits for admins:

  • Health monitoring: Instantly view the health status of your Bamboo instance and identify potential issues before they impact your teams.
  • Faster troubleshooting: All diagnostic data is automatically included in support zips, making it easier for Atlassian Support and your admins to analyze and resolve problems quickly.
  • Seamless integration: IPD data can be consumed by Atlassian support engineers, your Bamboo admins, and third-party tools for comprehensive monitoring and analysis.

Explore how in-product diagnostics can help you get more visibility into your Bamboo instances

Improved background job distribution

In clustered environments, Bamboo now distributes background jobs across all nodes, not just the primary node, for better performance and resource utilization. This feature will be enabled automatically if Bamboo is configured in warm-standby mode with at least two running nodes.

Performance improvements

Bamboo 12 offers many significant performance improvements, such as faster time-to-build for Bitbucket Cloud and GitHub webhook-based integrations, or a reduced heap memory footprint in the app.

Platform and security updates

Java 21 required

Bamboo 12.0 requires Java 21 as the minimum version. Support for Java 17 has been removed.

Atlassian Data Center Platform 8.0 

Bamboo 12.0 now runs on Atlassian Data Center Platform 8, bringing improved responsiveness to security updates and minimizing disruptions or breaking changes for Atlassian Marketplace apps.

Prepare your Data Center app for 2025 security and usability updates 

This upgrade is part of our ongoing commitment to enhanced security and performance.

Spring and Jakarta upgrades

To maintain high security standards and keep dependencies supported and up to date, we’re upgrading:

  • Spring to the 6.x line
  • Jakarta to EE Platform 10
  • Apache Tomcat to 10.1 alongside other libraries that depend on Spring and Jakarta

The Apache Tomcat upgrade also introduces changes in line with the Jakarta Servlet specification. If you use custom server settings or connectors, check the following before upgrading:

  • Review any custom server.xml settings, especially those referencing "javax.servlet" APIs, as Tomcat 10.1 now uses the "jakarta.servlet" namespace.
  • Make sure all connectors (such as HTTP or AJP) are still supported and correctly set up for Tomcat 10.1.
  • Check that your security and TLS/SSL configurations are compatible with the cryptographic defaults in Tomcat 10.1.
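
The three checks above can be scripted as a first pass before a manual review. The following is an added example, not Atlassian or Apache tooling: it parses a server.xml and reports attribute values that still reference javax.servlet, the connector inventory (including AJP connectors with secretRequired="false"), and the TLS protocol settings on TLS-enabled connectors. The sample file, its ports and the com.example class name are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml, not taken from a real Bamboo installation.
SAMPLE_SERVER_XML = """<Server port="8007" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8085" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig protocols="TLSv1.2+TLSv1.3"/>
    </Connector>
    <Connector port="8009" protocol="AJP/1.3" secretRequired="false"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="com.example.LegacyValve" filterClass="javax.servlet.Filter"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def review_server_xml(xml_text):
    """Return findings for the three pre-upgrade checks in the list above."""
    root = ET.fromstring(xml_text)
    findings = {"javax_refs": [], "connectors": [], "ajp_no_secret": [], "tls": []}
    # Check 1: attribute values that still name the old javax.servlet namespace.
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if "javax.servlet" in value:
                findings["javax_refs"].append((elem.tag, attr, value))
    for conn in root.iter("Connector"):
        port = conn.get("port")
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default when unset
        kind = "AJP" if "ajp" in protocol.lower() else "HTTP"
        # Check 2: inventory every connector so each one is confirmed by hand.
        findings["connectors"].append((port, kind, protocol))
        if kind == "AJP" and conn.get("secretRequired", "true").lower() == "false":
            findings["ajp_no_secret"].append(port)
        # Check 3: collect TLS settings to compare against Tomcat 10.1 defaults.
        if conn.get("SSLEnabled", "false").lower() == "true":
            hosts = [h.get("protocols", "(default)") for h in conn.iter("SSLHostConfig")]
            findings["tls"].append((port, hosts or ["(no SSLHostConfig)"]))
    return findings


if __name__ == "__main__":
    for check, items in review_server_xml(SAMPLE_SERVER_XML).items():
        for item in items:
            print(check, item)
```

Run it against a copy of your own server.xml by passing the file's contents to review_server_xml; an empty javax_refs list does not replace reviewing custom valves or filters packaged outside server.xml.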

For more details on what’s new in Tomcat 10.1, see the official Apache Tomcat documentation.

Migration to Apache Struts 7

Struts has been upgraded to version 7. Key packages have been migrated and template variables updated for improved security and maintainability. This move modernizes our technology stack and protects against known vulnerabilities.

Migration documentation 

Basic authentication disabled by default

To improve security, basic authentication is now disabled by default for REST API calls in new instances. If you’re upgrading an existing instance, basic auth remains enabled to ensure your current integrations keep working after the upgrade. You can enable or disable basic auth for REST calls at any time in the Authentication methods settings.

How to disable basic authentication

App signing enabled by default for app installation

Apps that are uploaded via UPM are now required to be signed by default. This doesn’t impact Java APIs or app compatibility, but may impact your development and test environment. You can disable the signature verification by setting a Java system property.

atlassian.upm.signature.check.disabled=true 

Distribution via Atlassian Marketplace generates the signatures of the installed apps, but for vendors or customer in-house development teams that want to install an application directly in the product without the Marketplace involvement, custom application signature and verification certificate are required. For further details, see Configuring UPM app signature check and Generating app signature and verification certificate using OpenSSL.

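Removal of Trusted Apps

To reduce the number of insecure entry points into the product, Trusted Apps are being removed. This method of exchanging information between Atlassian products is being replaced by more secure solutions that follow industry best practices, such as the OAuth 2.0 protocol.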

AUI 10 support

Bamboo 12 uses AUI 10. Plugin developers should either include their own versions of these libraries or update their plugins according to the AUI 10 migration guide and the jQuery 3 migration guidelines. As part of these updates, Backbone 1.6.0 and 1.3.3 have been removed, and Backbone is no longer accessible globally via window.backbone.

For more information on AUI 10 deprecations, see Prepare your Data Center app for 2025 security and usability updates.

Update to jQuery 3

We’ve updated to jQuery 3 to standardize the jQuery version across all Data Center products. Plugin developers should update their plugins according to the jQuery 3 migration guidelines. This means a significant jQuery version uplift for products containing older versions of jQuery.

End of support for LESS

To improve security and performance, Bamboo no longer supports transforming LESS files to CSS at runtime. All LESS must now be compiled into CSS during the build process.

Global serialization filter

We’re introducing a global serialization filter that uses a centralized blocklist to protect Java deserialization, Velocity, Struts, and XStream. This filter automatically blocks classes and patterns known to be vulnerable to Remote Code Execution (RCE) exploits via publicly disclosed gadget chains.

Dedicated log files and enhanced access logs

Cluster communication logs and access logs are now more structured and easier to analyze. Cluster communication events are now recorded in a dedicated atlassian-bamboo-communication-stats.log file instead of the main log, making troubleshooting and performance monitoring simpler and more efficient.

Additionally, access logs now include more detailed information about each request, providing greater visibility for auditing and diagnostics.

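Add scopes to REST endpoints to use OAuth 2.0 2LO

To strengthen security and control for REST endpoints, we’ve introduced @ScopesAllowed.

Add the @ScopesAllowed annotation to an endpoint to make it accessible using an OAuth 2.0 client credentials token (2LO).

For example, with this annotation, the access token must have the WRITE scope before access to this endpoint is granted.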

@POST
@ScopesAllowed(requiredScope = "WRITE")
public void createEntity(...) {}

Supported scopes are documented in the following:

Before you upgrade to Bamboo 12.0

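Important

Platform releases include multiple major changes that aren’t compatible with previous versions ("breaking changes"). These changes establish a stronger foundation for broader development in future releases.

To reduce the risk of affecting your organization’s operations, we recommend reviewing your apps before you upgrade.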

To check app compatibility, visit Checking app compatibility with application updates, or the Atlassian Marketplace to see if your app hosting is compatible with your product version.


Supported platform updates

See what changes are in store for the supported platforms in Bamboo. For more information about what the latest stable release of Bamboo supports, see Supported platforms.

End of support announcements

In this release, we’re removing support for:

  • PostgreSQL 15
  • SQL Server 2017

Newly supported platforms

In this release, we’re adding support for:

  • PostgreSQL 18
  • Oracle 23ai
  • MySQL 8.4

Resolved issues

Scroll through the list of the issues we’ve resolved throughout the lifecycle of Bamboo 12.0.

Issues resolved in Bamboo 11.0.0
Released:

Last updated: October 31, 2025
