This page last changed on Apr 15, 2009 by ggaskell.

15 April 2009

Confluence 2.10.3 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

General Fixes

A bug was identified whereby viewing or editing restrictions could not be assigned to a page whose parent page contained an apostrophe in its title and also had existing page restrictions. This bug has now been fixed.

When a user is restricted from viewing a page, Confluence presents them with a more informative Access Denied error rather than a general Page Not Found error.

When the {gallery} macro was used on a page with no parameters or image attachments, it rendered as an error in HTML or PDF exports. This issue has now been fixed.

An issue was identified whereby under certain circumstances, clicking on a page's or blog's thumbnail image to expand it would result in a Runtime Error in Internet Explorer versions 6 and 7. This issue has now been fixed.

Widget Connector Plugin

Several new features have been added to the Widget Connector Plugin packaged with Confluence 2.10.3, including support for new widget, video and micro-blogging sites. Other supported features include Google Calendar and the Wufoo HTML Form Builder. For more information on how to add these features to your Confluence page or blog, refer to Widget Macro.

Episodic made changes to the format of IDs they designate for all new videos, allowing them to be alphanumeric rather than solely numeric. The Widget Connector plugin has been updated to support this new URL format.

Engine Room Fixes

An issue was identified in Confluence's PDF Export feature that could result in memory leaks. These in turn may have affected the performance and stability of Confluence instances. This issue has now been fixed.

A few other issues were identified which, under specific circumstances, could affect the stability of Confluence. These have now been fixed.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 2.10 yet?

Take a look at the new features and other highlights in the Confluence 2.10 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 2.10.3 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

JIRA Issues (30 issues)
| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Bug | CONF-15541 | Previewing a page does not display long content when Confluence is embedded in a frame | Major | Resolved | Invalid |
| Bug | CONF-15538 | em dash in the attachment causes Confluence's crash | Major | Resolved | Duplicate |
| Bug | CONF-14988 | SAXParser memory leaks | Blocker | Resolved | Fixed |
| Bug | CONF-14922 | com.sun.pdfview.font.Type1CFont.readCommand(Type1CFont.java:357) consumes 100% CPU, blocks all other pdf threads | Critical | Resolved | Fixed |
| Bug | CONF-14849 | Discarding a draft and refreshing the page results in an error | Minor | Resolved | Fixed |
| Task | CONF-14775 | Add new filter and response wrapper to prevent header injection attacks | Major | Resolved | Fixed |
| Bug | CONF-14753 | XSS vulnerability can be exploited with the Page Index macro | Blocker | Resolved | Fixed |
| Bug | CONF-14704 | Improper sanitisation of attachment filenames allows header injection | Critical | Resolved | Fixed |
| Bug | CONF-14537 | Can not alter the permissions on a page, if the parent page has permissions and the parent has an apostrophe in the page name. Similar to CONF-10717 | Critical | Resolved | Fixed |
| Bug | CONF-14510 | Fix upgrade tasks that access the database through a connection from the HibernateSession which is later garbage collected | Major | Resolved | Fixed |
| Bug | CONF-14493 | Password is being logged for 500 errors | Major | Resolved | Fixed |
| Bug | CONF-14386 | Empty gallery macro throws error in HTML and PDF export | Major | Resolved | Fixed |
| Bug | CONF-14337 | XSS in the Widget Connector | Critical | Resolved | Fixed |
| Bug | CONF-14326 | Site search query box and submit button too small with Left Nav theme and Clickr theme | Major | Resolved | Fixed |
| Improvement | CONF-14310 | Studio plugins: Using components not available to plugins | Major | Resolved | Fixed |
| Bug | CONF-14178 | System error when adding users to a group if the group name contains a space | Major | Resolved | Fixed |
| Improvement | CONF-14127 | New evaluation expiry message | Major | Resolved | Fixed |
| Bug | CONF-14102 | anti-XSS mode breaks RTE-by-default editing and view page source | Major | Resolved | Fixed |
| Bug | CONF-14092 | AspectJ caused CAC crash 2008-12-31 | Critical | Resolved | Fixed |
| Bug | CONF-13785 | Errors when exporting demonstration space after migration to 2.10-m8 | Major | Resolved | Fixed |
| Bug | CONF-13771 | HTML export results in NPE from requireResource velocimacro when used by plugins | Major | Resolved | Fixed |
| Bug | CONF-13494 | SOAP calls break when trying to write {tasklist} macro in contents | Major | Resolved | Fixed |
| Bug | CONF-13331 | Search box display issue when not using default theme in IE and FireFox | Major | Resolved | Fixed |
| Bug | CONF-13316 | NullPointerException thrown if user cannot move attachments | Major | Resolved | Fixed |
| Bug | CONF-13063 | Confluence Advanced Search Pane search text box is flattened vertically in 2.91 using Left Navigation Theme | Minor | Resolved | Fixed |
| Bug | CONF-12835 | Error in Java Script when adding an image thumbnail and clicking on it | Major | Resolved | Fixed |
| Bug | CONF-12366 | Image width and height are to 32 by wysiwyg editor for missing image files. | Major | Resolved | Fixed |
| Bug | CONF-11552 | height and width of embedded movies is changed to 32 by Rich Text Editor | Major | Resolved | Fixed |
| Bug | CONF-9239 | "Page not found" (404) is displayed to users without view permissions, should be "Access denied" | Major | Resolved | Fixed |
| Bug | CONF-8130 | image link breaks if the target is renamed | Minor | Resolved | Fixed |

Click here to open a report on http://jira.atlassian.com for Resolved or Closed issues in Confluence 2.10.3.

Document generated by Confluence on Nov 05, 2009 23:28