This documentation relates to an earlier version of Confluence.

6 October 2009

Confluence 3.0.2 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

Critical issue affecting non-clustered implementations of Confluence 3.0.2


Non-clustered (i.e. you do not have a clustered license) implementations of Confluence 3.0.2 are affected by an issue that can cause Confluence to crash. Please read the Confluence 3.0.2 Upgrade Notes for details on the issue and instructions on how to address it.

Editing and Visual Improvements

A bug in the Rich Text Editor led to line break and other character formatting problems after saving a page. This bug has been fixed.

The sizes of some headings were considered too similar to be visually distinguishable on a page, especially when the headings were separated by intervening text content. This was particularly the case for heading sizes 2 and 3. Hence, the sizes of headings were modified to make them visually more distinct.

The format of colours used in Confluence's user profile areas has been modified slightly to make headings more prominent and form labels clearer.

The blog posts macro was missing the 'Restrict to These Authors' (author) parameter from the macro browser. This parameter is now available in the macro browser.

Other Enhancements and Fixes

Some customers' users experienced long delays while logging into Confluence, especially when their user accounts belonged to groups containing a large number of other user accounts. This issue was fixed.

Customers were able to generate Confluence page PDF exports directly from external web sites by adding the 'Export to PDF' link (accessible via a Confluence page's 'Tools' menu) to their external web pages. This function was broken by the form token handling security enhancement introduced in Confluence 3.0. Confluence 3.0.2 resolves this issue.

Some customers experienced an issue in which automatic content indexing would stop. This problem has been resolved.

When browsing Active Directory groups in Confluence, it was not possible to view group members if the LDAP Distinguished Names (DN) did not include the username. This bug was fixed.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 3.0 yet?

Take a look at the new features and other highlights in the Confluence 3.0 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.0.2 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Bug | CONF-16651 | XSS vulnerability can be exploited with the pagetree macro | Blocker | Resolved | Fixed |
| Bug | CONF-16644 | XSS vulnerability can be exploited with the Userlister macro | Blocker | Resolved | Fixed |
| Bug | CONF-15440 | XSS vulnerability can be exploited with the contentbylabel macro | Critical | Resolved | Fixed |
| Bug | CONF-15108 | Session Fixation attack using JSESSIONID in Confluence | Critical | Resolved | Fixed |
| Bug | CONF-13754 | HibernateGroupManager.hasExternalMembership() is slow for group with thousands of users | Critical | Resolved | Fixed |
| Bug | CONF-8496 | WEBDAV 1.1 plugin truncates all URL's by one character | Critical | Resolved | Fixed |
| Bug | CONF-16459 | PDF export link cannot be published to other sites... | Major | Resolved | Fixed |
| Bug | CONF-16428 | Saving a page can lead to round-trip errors that do not occur by just switching tabs. | Major | Resolved | Fixed |
| Improvement | CONF-15585 | Use #333 for Headings in Confluence and #666 for labels | | Resolved | Fixed |
| Bug | CONF-14512 | Newline lost between panel macro and table or list breaking markup | Major | Resolved | Fixed |
| Bug | CONF-13894 | Recently-updated macros show all content under the same time and date when showProfilePic=true | Major | Resolved | Fixed |
| Improvement | CONF-9954 | h2 and h3 are too similar in Confluence 2.6 | | Resolved | Fixed |
| Bug | CONF-9575 | Content Indexing stops | Major | Resolved | Fixed |
| Improvement | CONF-8148 | Cluster safety job should be made more generic and report multiple deployments with same DB as well | | Resolved | Fixed |
| Bug | CONF-6085 | Can't find group members of group when DN does not include username | Major | Resolved | Fixed |
| Bug | CONF-20653 | Menu dropdowns appearing behind tabs in IE7 | Minor | Resolved | Fixed |
| Bug | CONF-17159 | The new {code} macro puts line numbers in text when I copy/paste | Minor | Resolved | Duplicate |
| Bug | CONF-16955 | Support Entitlement Number is listed twice on the System Information page | Minor | Resolved | Fixed |
| Bug | CONF-16774 | Allow system plugins to be enabled | Minor | Resolved | Fixed |
| Bug | CONF-16089 | The blog posts macro is missing the 'author' parameter from the macro browser. | Minor | Resolved | Fixed |

Showing 20 out of 23 issues

Click here to open a report on Resolved or Closed issues in Confluence 3.0.2.
