Confluence 2.10.3 Release Notes

15 April 2009

Confluence 2.10.3 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

General Fixes

A bug was identified, whereby viewing or editing restrictions could not be assigned to a page, whose parent page contained an apostrophe in its title and also possessed existing page restrictions. This bug has now been fixed.

When a user is restricted from viewing a page, Confluence presents them with a more informative Access Denied error rather than a general Page Not Found error.

When the {gallery} macro is used on a page with no parameters or image attachments, it would render into an error in HTML or PDF exports. This issue has now been fixed.

An issue was identified whereby under certain circumstances, clicking on a page's or blog's thumbnail image to expand it would result in a Runtime Error in Internet Explorer versions 6 and 7. This issue has now been fixed.

Widget Connector Plugin

Several new features have been added to the Widget Connector Plugin packaged with Confluence 2.10.3, including support for new widget, video and micro-blogging sites. Other supported features include Google Calendar and the Wufoo HTML Form Builder. For more information on how to add these features to your Confluence page or blog, refer to Widget Connector Macro.

Episodic made changes to the format of IDs they designate for all new videos, allowing them to be alphanumeric rather than solely numeric. The Widget Connector plugin has been updated to support this new URL format.

Engine Room Fixes

An issue was identified in Confluence's PDF Export feature that could result in memory leaks. These in turn may have affected the performance and stability of Confluence instances. This issue has now been fixed.

A few other issues were identified which under certain or specific circumstances, could affect the stability of Confluence. However, these have now been fixed.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 2.10 yet?

Take a look at the new features and other highlights in the Confluence 2.10 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 2.10.3 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

T Key Summary P Status Resolution
Suggestion CONF-21022 Provide option to return unauthorized message rather than 404 when user does not have permissions for page Resolved Won't Fix
Bug CONF-17439 Fix the 2.10 patch for link insertion point in IE RTE Medium Resolved Fixed
Suggestion CONF-16288 Setting a restriction on List Pages - Tree View page Resolved Won't Fix
Bug CONF-15541 Previewing a page does not display long content when Confluence is embedded in a frame Medium Resolved Invalid
Bug CONF-14988 SAXParser memory leaks Highest Resolved Fixed
Bug CONF-14922 com.sun.pdfview.font.Type1CFont.readCommand( consumes 100% CPU, blocks all other pdf threads High Resolved Fixed
Bug CONF-14849 Discarding a draft and refreshing the page results in an error Low Resolved Fixed
Bug CONF-14753 XSS vulnerability can be exploited with the Page Index macro Highest Resolved Fixed
Bug CONF-14704 Impropper sanitisation of attachment filenames allows header injection High Resolved Fixed
Bug CONF-14537 Can not alter the permissons on a page, if the parent page has permissions and the parent has an apostrophe in the page name. Similar to CONF-10717 High Resolved Fixed
Bug CONF-14510 Fix upgrade tasks that access the database through a connection from the HibernateSession which is later garbage collected Medium Resolved Fixed
Bug CONF-14493 Password is being logged for 500 errors Medium Resolved Fixed
Bug CONF-14386 Empty gallery macro throws error in HTML and PDF export Medium Resolved Fixed
Bug CONF-14337 XSS in the Widget Connector High Resolved Fixed
Bug CONF-14326 Site search query box and submit button too small with Left Nav theme and Clickr theme Medium Resolved Fixed
Suggestion CONF-14310 Studio plugins: Using components not available to plugins Resolved Fixed
Bug CONF-14178 System error when adding users to a group if the group name contains a space Medium Resolved Fixed
Suggestion CONF-14127 New evaluation expiry message Resolved Fixed
Bug CONF-14102 anti-XSS mode breaks RTE-by-default editing and view page source Medium Resolved Fixed
Bug CONF-14092 AspectJ caused CAC crash 2008-12-31 High Resolved Fixed
Showing 20 out of 31 issues Refresh

Click here to open a report on for Resolved or Closed issues in Confluence 2.10.3.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport