Confluence 3.0.1 Release Notes

20 August 2009

Confluence 3.0.1 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

Critical issue affecting non-clustered implementations of Confluence 3.0.1

Non-clustered (i.e. you do not have a clustered license) implementations of Confluence 3.0.1 are affected by an issue that can cause Confluence to crash. Please read the Confluence 3.0.1 Upgrade Notes for details on the issue and instructions on how to address it.

Attachment Handling Fixes

When a hierarchy of pages was moved from one space to another, the attachments on child or descendent pages of the parent page were not correctly moved. Instead, users would have to move one page at a time between spaces in order to maintain page attachment integrity. This issue has now been resolved.

Sporadic issues associated with attachment migration occurred when upgrading from either Confluence 2.9.x or 2.10.x to 3.0. These have now been fixed.

Macro Fixes

A bug was identified in which excerpted content would not be rendered in a blog post macro until the source page containing that content had first been viewed. This phenomenon could occur when excerpt include macros were used in a blog post. It could also occur when excerpt macros were used in a blog post in conjunction with the content=excerpts blog post macro parameter. This problem has now been fixed.

An issue was found with the tasklist macro whereby special characters used in its title were not correctly escaped. This has now been resolved.

Rich Text Editor Fixes

An issue was found in which the Rich Text Editor's link removal feature (available from the right-click context menu) did not work with external links. This has now been resolved.

In the Firefox web browser, the spell checker is now automatically enabled by default in the Rich Text Editor. Users no longer have to first disable the right-click context menu and then enable and select 'Check Spelling' from Firefox's own right-click context menu.

An issue was identified that prevented users from escaping the quote text effect once it had been selected. This has now been addressed: a paragraph is automatically added after selecting this text effect.

Other Enhancements and Fixes

When a Confluence administrator first installs Confluence, runs through the Confluence Setup Wizard and then reaches the database configuration step, the database password is now hidden and is no longer shown in clear text.

It is now possible to filter network RSS feeds by different content types. This is done by modifying the parameters of the RSS feed link in your RSS newsreader. For more information, please refer to Subscribe to a Network RSS Feed.

Some customers experienced problems importing their site backup from a previous version of Confluence into version 3.0. This has now been resolved in Confluence 3.0.1.

An issue was identified in which multiple blog posts posted on a single day would be listed out of chronological order. This has now been fixed and multiple blog posts posted on a single day are now ordered according to their time of creation.

A problem was identified when accessing Confluence content in Internet Explorer that caused file downloads to fail over an SSL connection. This problem has now been fixed in this release of Confluence.

An issue was found in the page tree views on instances of Confluence running on WebLogic 10.x. This has now been resolved.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 3.0 yet?

Take a look at the new features and other highlights in the Confluence 3.0 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.0.1 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

| Type | Key | Summary | Priority | Status | Resolution |
|------|-----|---------|----------|--------|------------|
| Bug | CONF-16141 | Directory traversal in Profile Picture path - leads to privilege escalation in < 3.0 | Blocker | Resolved | Fixed |
| Bug | CONF-16136 | XSS vulnerability can be exploited on the WebDAV Configuration page | Blocker | Resolved | Fixed |
| Bug | CONF-16135 | XSS vulnerability in space name when page move would create a duplicate | Blocker | Resolved | Fixed |
| Bug | CONF-16348 | Attachment File Not Found - in children pages when a page is moved to another space | Critical | Resolved | Fixed |
| Bug | CONF-16019 | XSS vulnerability when moving page between spaces | Critical | Resolved | Fixed |
| Bug | CONF-16509 | Upgrading from any version before 2.9 to 3.0 doesn't migrate attachments and/or breaks custom space logos | Major | Resolved | Fixed |
| Bug | CONF-16466 | Attachment migration from 2.10 to 3.0 fails | Major | Resolved | Fixed |
| Task | CONF-16420 | Update PDF export plugin to be compatible with new cluster/cache architecture | Major | Resolved | Fixed |
| Task | CONF-16311 | Build a Standard Edition of Confluence 3.0 (without Coherence) | Major | Resolved | Fixed |
| Bug | CONF-16225 | Some bundled themes don't support web resource injection | Major | Resolved | Fixed |
| Bug | CONF-16209 | XSS in PDF screen | Major | Resolved | Fixed |
| Bug | CONF-16084 | Cannot filter a network feed by contentType | Major | Resolved | Fixed |
| Bug | CONF-16016 | The JIRA Issues Macro in the Macro Browser is missing two parameters - "renderMode" and "baseurl". | Major | Resolved | Fixed |
| Bug | CONF-16014 | Blog Posts Macro only renders excerpts if target page has been rendered | Major | Resolved | Fixed |
| Bug | CONF-16005 | The Favourite Pages Macro in the Macro Browser is missing its "Maximum Number of Results" parameter. | Major | Resolved | Fixed |
| Improvement | CONF-15997 | Invalid error message when Updating status and session expired | | Resolved | Fixed |
| Bug | CONF-15970 | XSS in user links | Major | Resolved | Fixed |
| Bug | CONF-15940 | Server Base URL not set when sending a support request email... | Major | Resolved | Fixed |
| Bug | CONF-15923 | Unlink in RTE doesn't work for external links | Major | Resolved | Fixed |
| Bug | CONF-15908 | Tasklist macros double escaping titles in IE | Major | Resolved | Fixed |
Showing 20 out of 44 issues.

Click here to open a report on http://jira.atlassian.com for Resolved or Closed issues in Confluence 3.0.1.
