This page last changed on Mar 19, 2008 by smaddox.

19 March 2008
Confluence 2.7.3 is a recommended upgrade which focuses on fixing a number of security flaws. Please refer to the security advisory for details of the vulnerabilities, risk assessment and mitigation strategies.

There's a complete list of fixes below. Click a specific issue to see details of the fix, and to download patches where relevant.

Don't have Confluence 2.7 yet?
Take a look at the new features and other highlights in the Confluence 2.7 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 2.7.3 Upgrade Guide. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

Atlassian JIRA (13 issues)
| Type | Key | Summary | Priority | Status | Resolution |
|------|-----|---------|----------|--------|------------|
| Bug | CONF-11316 | Removing user throws NullPointerException | Major | Closed | FIXED |
| Bug | CONF-11153 | XSS vulnerability in social bookmarking plugin bundled in Confluence | Major | Resolved | FIXED |
| Bug | CONF-11149 | XSS vulnerability in browseusers.vm | Major | Resolved | FIXED |
| Bug | CONF-11141 | XSS vulnerabilities in insert image and link actions | Major | Resolved | FIXED |
| Bug | CONF-11081 | URL not encoded for group browser | Major | Resolved | FIXED |
| Bug | CONF-11042 | XSS vulnerabilities in create space action | Major | Resolved | FIXED |
| Bug | CONF-11040 | Grouppicker and Userpicker display unescaped user-entered content | Major | Resolved | FIXED |
| Bug | CONF-11027 | XSS vulnerabilities in create/edit/copy page and blogpost actions | Major | Resolved | FIXED |
| Bug | CONF-11026 | username not validated in add user to favourites action | Major | Resolved | FIXED |
| Bug | CONF-11019 | Fix XSS vulnerabilities in the stacktraces and cause by's displayed on the 500 error page | Major | Resolved | FIXED |
| Bug | CONF-11005 | XSS vulnerability in signup actions | Major | Resolved | FIXED |
| Bug | CONF-11002 | viewuser.action has an XSS problem around username | Major | Resolved | FIXED |
| Bug | CONF-9559 | Cross-site scripting vulnerability in /dashboard.action | Critical | Resolved | FIXED |


Document generated by Confluence on Jun 24, 2008 18:02