Documentation for Confluence 5.4.
Documentation for Confluence OnDemand and earlier versions of Confluence is available too.


15 April 2009

Confluence 2.10.3 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

General Fixes

A bug prevented viewing or editing restrictions from being assigned to a page whose parent page had an apostrophe in its title and also had existing page restrictions. This bug has now been fixed.

When a user is restricted from viewing a page, Confluence presents them with a more informative Access Denied error rather than a general Page Not Found error.

When the {gallery} macro was used on a page with no parameters or image attachments, it rendered as an error in HTML or PDF exports. This issue has now been fixed.

An issue was identified whereby, under certain circumstances, clicking a page's or blog's thumbnail image to expand it would result in a Runtime Error in Internet Explorer versions 6 and 7. This issue has now been fixed.

Widget Connector Plugin

Several new features have been added to the Widget Connector Plugin packaged with Confluence 2.10.3, including support for new widget, video and micro-blogging sites. Other supported features include Google Calendar and the Wufoo HTML Form Builder. For more information on how to add these features to your Confluence page or blog, refer to Widget Connector Macro.

Episodic made changes to the format of IDs they designate for all new videos, allowing them to be alphanumeric rather than solely numeric. The Widget Connector plugin has been updated to support this new URL format.

Engine Room Fixes

An issue was identified in Confluence's PDF Export feature that could result in memory leaks. These in turn may have affected the performance and stability of Confluence instances. This issue has now been fixed.

A few other issues were identified that, under specific circumstances, could affect the stability of Confluence. These have now been fixed.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 2.10 yet?

Take a look at the new features and other highlights in the Confluence 2.10 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 2.10.3 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Improvement | CONF-21022 | Provide option to return unauthorized message rather than 404 when user does not have permissions for page | | Resolved | Won't Fix |
| Bug | CONF-17439 | Fix the 2.10 patch for link insertion point in IE RTE | Major | Resolved | Fixed |
| New Feature | CONF-16288 | Setting a restriction on List Pages - Tree View page | | Resolved | Won't Fix |
| Bug | CONF-15541 | Previewing a page does not display long content when Confluence is embedded in a frame | Major | Resolved | Invalid |
| Bug | CONF-14988 | SAXParser memory leaks | Blocker | Resolved | Fixed |
| Bug | CONF-14922 | com.sun.pdfview.font.Type1CFont.readCommand(Type1CFont.java:357) consumes 100% CPU, blocks all other pdf threads | Critical | Resolved | Fixed |
| Bug | CONF-14849 | Discarding a draft and refreshing the page results in an error | Minor | Resolved | Fixed |
| Task | CONF-14775 | Add new filter and response wrapper to prevent header injection attacks | Major | Resolved | Fixed |
| Bug | CONF-14753 | XSS vulnerability can be exploited with the Page Index macro | Blocker | Resolved | Fixed |
| Bug | CONF-14704 | Impropper sanitisation of attachment filenames allows header injection | Critical | Resolved | Fixed |
| Bug | CONF-14537 | Can not alter the permissons on a page, if the parent page has permissions and the parent has an apostrophe in the page name. Similar to CONF-10717 | Critical | Resolved | Fixed |
| Bug | CONF-14510 | Fix upgrade tasks that access the database through a connection from the HibernateSession which is later garbage collected | Major | Resolved | Fixed |
| Bug | CONF-14493 | Password is being logged for 500 errors | Major | Resolved | Fixed |
| Bug | CONF-14386 | Empty gallery macro throws error in HTML and PDF export | Major | Resolved | Fixed |
| Bug | CONF-14337 | XSS in the Widget Connector | Critical | Resolved | Fixed |
| Bug | CONF-14326 | Site search query box and submit button too small with Left Nav theme and Clickr theme | Major | Resolved | Fixed |
| Improvement | CONF-14310 | Studio plugins: Using components not available to plugins | | Resolved | Fixed |
| Bug | CONF-14178 | System error when adding users to a group if the group name contains a space | Major | Resolved | Fixed |
| Improvement | CONF-14127 | New evaluation expiry message | | Resolved | Fixed |
| Bug | CONF-14102 | anti-XSS mode breaks RTE-by-default editing and view page source | Major | Resolved | Fixed |
Showing 20 out of 32 issues

Click here to open a report on http://jira.atlassian.com for Resolved or Closed issues in Confluence 2.10.3.
