Issues resolved in 8.5.9

The Atlassian Confluence team is pleased to announce the release of Confluence 8.5.9, which is a bug-fix release.


Don't have Confluence 8.5 yet?


Check out the new features and other highlights in the Confluence 8.5 Release Notes.

Get the latest version

We recommend you read the Confluence 8.5 Upgrade Notes and you back up your confluence-home directory and database before upgrading.

Released on 09 May 2024

T Key Summary Status
Suggestion CONFSERVER-40640 Add system property to allow for whitelisting domain(s) when clickjacking protection is disabled Closed
Bug CONFSERVER-95123 Knowledge base article cannot be displayed on the customer portal when JSM is integrated with Confluence 8.5.7+ Closed
Public Security Vulnerability CONFSERVER-98713 com.hazelcast:hazelcast Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-98442 DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-97794 DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-96134 Stored XSS in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95975 DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95974 DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95943 SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95942 SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95840 Improper Authorization org.springframework.security:spring-security-core Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95839 Improper Authorization com.hazelcast:hazelcast Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95835 DoS (Denial of Service) org.apache.tomcat:tomcat-websocket Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95834 DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server Published
Public Security Vulnerability CONFSERVER-95832 RCE (Remote Code Execution) in Confluence Data Center and Server Published
Bug CONFSERVER-91517 Drag and Drop of events in Team Calendar doesn't work Closed
Bug CONFSERVER-95272 REST API pagination (eg, /rest/api/space) returns more data than available Closed
Bug CONFSERVER-94606 Getting HTTP 400 while saving a question in Confluence Closed
Bug CONFSERVER-94256 Getting HTTP 400 while saving a page template or Stylesheet Closed
19 issues Refresh

Last modified on Dec 9, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.