This page last changed on Aug 07, 2007 by smaddox.

Confluence 2.5.6 is a recommended upgrade that resolves a number of security bugs and other issues you may have encountered in Confluence 2.5.5 or earlier.

As such this release is a recommended upgrade for all customers.

Confluence 2.5.6 can be downloaded from http://www.atlassian.com/software/confluence/ConfluenceDownloadCenter.jspa, and is a free upgrade for all customers who purchased their Confluence license or maintenance renewal after August 8th 2006.

Upgrading to Confluence 2.5.6

Upgrading Confluence should be fairly straightforward. You can find instructions here. We strongly recommend that you backup your confluence.home directory and database before upgrading!

Changes in 2.5.6

  • For details about the security fixes, please see the security advisory.
  • CONF-8944 resolves a Crowd integration issue for Confluence 2.5.6 and later.
  • The Crowd integration fix will be ported to previous Confluence versions in the near future - please see CONF-9122.

Here's a complete list of the bug fixes in Confluence 2.5.6:

Atlassian JIRA (19 issues)
T Key Summary Pr Status Res
Task CONF-9073 Changes to Crowd and Confluence integration instructions Major ResolvedResolved FIXED
Bug CONF-9067 Division by zero in SnipSnapImporter Minor ResolvedResolved FIXED
Bug CONF-9060 Missing text in breadcrumbs when viewing changes since last login Minor ResolvedResolved FIXED
Bug CONF-9000 OutOfMemoryError's during indexing Major ResolvedResolved FIXED
Bug CONF-8993 Reflected XSS Vulnerability in the Feed Builder Critical ResolvedResolved FIXED
Improvement CONF-8989 Index rebuild tasks involving an index optimization produce an OutOfMemoryError when there are many large textual attachments Major ResolvedResolved FIXED
Bug CONF-8980 XSS vulnerability at "Edit Space Permissions" Critical ResolvedResolved FIXED
Bug CONF-8979 Vulnerability against DoS attack at permission setting Critical ResolvedResolved FIXED
Bug CONF-8978 Vulnerability against DoS attack via labels Critical ResolvedResolved FIXED
Bug CONF-8956 stored XSS vulnerability in app/themes/leftnavigation/configuretheme.action Critical ResolvedResolved FIXED
Bug CONF-8952 XSS vulnerability in app/pages/listpages-alphaview.action Critical ResolvedResolved FIXED
Bug CONF-8951 XSS vulnerability in app/spaces/editspace.action Critical ClosedClosed DUPLICATE
Bug CONF-8950 XSS vulnerability in app/spaces/listattachmentforspace.action Critical ResolvedResolved FIXED
Bug CONF-8944 Profile settings are lost when using Crowd with Confluence Major ClosedClosed FIXED
Bug CONF-8914 "Save" button mentioned as "Update" on change password screen Trivial ResolvedResolved FIXED
Bug CONF-8869 JavaScript error occurs when editing a page without having permission to restrict it Minor ResolvedResolved FIXED
Improvement CONF-8623 Improve and speed up plugin resource loading Major ResolvedResolved FIXED
New Feature CONF-7414 Officially support mySQL 5.0 Major ResolvedResolved FIXED
Bug CONF-3673 Page restrictions do not restrict Space Administrators Major ResolvedResolved FIXED

Document generated by Confluence on Dec 20, 2007 19:01