Confluence 3.0.2 Release Notes

6 October 2009

Confluence 3.0.2 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

Critical issue affecting non-clustered implementations of Confluence 3.0.2

Non-clustered (i.e. you do not have a clustered license) implementations of Confluence 3.0.2 are affected by an issue that can cause Confluence to crash. Please read the Confluence 3.0.2 Upgrade Notes for details on the issue and instructions on how to address it.

Editing and Visual Improvements

A bug in the Rich Text Editor lead to the generation of line break and other character formatting problems after saving a page. This bug has been fixed.

The sizes of some headings were considered too similar to be visually distinguishable on a page, especially when the headings were separated by intervening text content. This was particularly the case for heading sizes 2 and 3. Hence, the sizes of headings were modified to make them visually more distinct.

The format of colors used in Confluence's user profile areas has been modified slightly to make headings more prominent and form labels clearer.

The blog posts macro was missing the 'Restrict to These Authors' (author) parameter from the macro browser. However, this parameter is now available in the macro browser.

Other Enhancements and Fixes

Some customers' users experienced long delays while logging into Confluence, especially when their user accounts belonged to groups containing a large number of other user accounts. This issue was fixed.

Customers were able to generate Confluence page PDF exports directly from external web sites by adding the 'Export to PDF' link (accessible via a Confluence page's 'Tools' menu) to their external web pages. Unfortunately, this function was broken by the introduction of the form token handling security enhancement feature introduced in Confluence 3.0. In Confluence 3.0.2, however, this issue was resolved.

Some customers experienced an issue in which automatic content indexing would stop. This problem has been resolved.

When browsing Active Directory groups in Confluence, it was not possible to view group members if the LDAP Distinguished Names (DN) did not include the username. This bug was fixed.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 3.0 yet?

Take a look at the new features and other highlights in the Confluence 3.0 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.0.2 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

T Key Summary P Status Resolution
Bug CONF-16996 findPagesWithHistoricalTitle broken on Oracle / DB2 Highest Resolved Fixed
Bug CONF-16847 Comments look funny in Internet Explorer 7 Highest Resolved Fixed
Bug CONF-16651 XSS vulnerability can be exploited with the pagetree macro Highest Resolved Fixed
Bug CONF-16644 XSS vulnerability can be exploited with the Userlister macro Highest Resolved Fixed
Bug CONF-15440 XSS vulnerability can be exploited with the contentbylabel macro High Resolved Fixed
Bug CONF-15108 Session Fixation attack using JSESSIONID in Confluence High Resolved Fixed
Bug CONF-13754 HibernateGroupManager.hasExternalMembership() is slow for group with thousands of users High Resolved Fixed
Bug CONF-8496 WEBDAV 1.1 plugin truncates all URL's by one character High Resolved Fixed
Bug CONF-16459 PDF export link cannot be published to other sites... Medium Resolved Fixed
Bug CONF-16428 Saving a page can lead to round-trip errors that do not occur by just switching tabs. Medium Resolved Fixed
Bug CONF-14512 Newline lost between panel macro and table or list breaking markup Medium Resolved Fixed
Bug CONF-13894 Recently-updated macros show all content under the same time and date when showProfilePic=true Medium Resolved Fixed
Bug CONF-9575 Content Indexing stops Medium Resolved Fixed
Bug CONF-6085 Can't find group members of group when DN does not include username Medium Resolved Fixed
Bug CONF-20653 Menu dropdowns appearing behind tabs in IE7 Low Resolved Fixed
Bug CONF-17159 The new {code} macro puts line numbers in text when I copy/paste Low Resolved Duplicate
Bug CONF-16955 Support Entitlement Number is listed twice on the System Information page Low Resolved Fixed
Bug CONF-16774 Allow system plugins to be enabled Low Resolved Fixed
Bug CONF-16745 Change german translation on configuration page: Am --> Ein Low Resolved Fixed
Bug CONF-16683 superfluous </table></div> in /includes/common-listdecorators.vm Low Resolved Fixed
Showing 20 out of 21 issues Refresh

Click here to open a report on for Resolved or Closed issues in Confluence 3.0.2.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport