Confluence 2.6.2 Release Notes
Atlassian is proud to announce the release of Confluence 2.6.2. This is a highly recommended upgrade, because it fixes some security flaws which may affect Confluence instances in a public environment. These flaws are XSS (cross-site scripting) vulnerabilities in some of Confluence's macros and Wiki Markup, which potentially allowed a user to insert malicious HTML tags or script into a Confluence page. Please refer to the Security Advisory for details.
This point release also includes more than 20 other fixes and improvements.
As part of our drive to tighten up the security in Confluence, we have removed support for the 'style' attribute in the Wiki Markup for images. This was an undocumented feature, which is now no longer available. To help those who may have used the 'style' tag to add colored borders, we have added a new 'bordercolor' attribute to the image markup.
The PDF and HTML space exports are now more reliable than in Confluence 2.6.0 and 2.6.1. We've fixed the failure to send daily digest email notifications. (This problem occurred when the Confluence instance contained draft pages.) This release also contains some improvements in the wiki's support of internationalization. And you'll be delighted to see that the plus and minus buttons are back, next to the 'Recently Updated' section of the Dashboard – so you can now increase or decrease the number of items you see in that section.
There's a complete list of fixes below. You can download Confluence 2.6.2 from the download centre.
Upgrading from a previous version of Confluence
Upgrading Confluence should be fairly straightforward. Please read the upgrade instructions. We strongly recommend that you back up your confluence.home
directory and database before upgrading!