Confluence 3.2.1 Release Notes

This release fixes some security flaws. Please refer to the security advisory for details of the security vulnerabilities, risk assessment and mitigation strategies.

4 May 2010

Confluence 3.2.1 is a recommended upgrade which fixes some security flaws and other bugs.

As part of the security update we have made changes to Confluence functionality, including some parts of the Administration Console. Please refer to the security advisory for a summary of changed behavior. We have updated the documentation where relevant.

We have also fixed a bug that caused an out-of-memory error when attempting to display an Excel spreadsheet on a Confluence page. Before this fix, the error could occur if the spreadsheet had a large number of empty cells. Confluence now limits the number of spreadsheet cells it will display. By default, the maximum is 10000 cells. The Confluence administrator can adjust this value in the Office Connector configuration screen, as described in the documentation.

Purging items from a space's trash can was very slow and blocked all other database updates. This is now fixed.

A bug introduced in Confluence 3.2 prevented people from adding a page when using the Left Navigation theme. We have fixed this too.

In Confluence 3.2, we mistakenly introduced the words 'Needs to be updated' into the French and German translations of the UI text in the left navigation theme. We have now removed the extra text. The UI wording is still in English, not translated into French or German, but at least it no longer calls attention to this fact.

Don't have Confluence 3.2 yet?

Take a look at the new features and other highlights in the Confluence 3.2 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.2.1 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Bug | CONF-19441 | XSS in page renderer | Highest | Resolved | Fixed |
| Bug | CONF-19404 | XSS vulnerability in some JSPs under admin section | Highest | Resolved | Fixed |
| Bug | CONF-19403 | XSS vulnerability in Advanced Macros plugin | Highest | Resolved | Fixed |
| Bug | CONF-19382 | XSS vulnerability in search | Highest | Resolved | Fixed |
| Bug | CONF-19381 | XSS Bookmark vulnerabilities | Highest | Resolved | Fixed |
| Bug | CONF-19402 | Only strings are encoded | High | Resolved | Fixed |
| Bug | CONF-19388 | Possible XSS injection in attachment upload | High | Resolved | Fixed |
| Bug | CONF-19384 | XSS vulnerability in Colour Scheme settings | High | Resolved | Fixed |
| Bug | CONF-50000 | Cursor position jumps from JQL field to title field when creating new JIRA calendar | Medium | Resolved | Fixed |
| Bug | CONF-49985 | Drag and drop Jira issue does not move. | Medium | Resolved | Duplicate |
| Bug | CONF-19416 | Semi-colon separator used to work for image properties, but doesn't in 3.2.1 which causes broken images on CAC | Medium | Resolved | Not a bug |
| Bug | CONF-19401 | BootstrapManager exposed in layout templates should be read only | Medium | Resolved | Fixed |
| Bug | CONF-19395 | The list of Confluence administrators is accessible via a URL | Medium | Resolved | Fixed |
| Bug | CONF-19142 | Can't add pages while using Left Nav theme in Confluence 3.2 | Medium | Resolved | Fixed |
| Bug | CONF-18972 | Searching for a link using auto-complete replaces your link text with the search result | Medium | Resolved | Fixed |
| Bug | CONF-18626 | UWC Link in Confluence Administration is broken | Medium | Resolved | Fixed |
| Bug | CONF-17718 | Downloading a .docx file in IE7/WinXP gives it a .zip extension (technically true but the average end-user wouldn't know that). | Medium | Resolved | Fixed |
| Bug | CONF-15946 | I18NBean getText method spamming EAC logs | Medium | Resolved | Fixed |
| Bug | CONF-14677 | Jira portlet macro contains huge gap | Medium | Resolved | Fixed |
| Bug | CONF-50064 | When scrolling horizontally in timeline view events randomly adjust and jump around (hip-hop style) | Low | Resolved | Fixed |
Showing 20 out of 30 issues
