This page last changed on Oct 06, 2009 by ggaskell.

6 October 2009

Confluence 3.0.2 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

Editing and Visual Improvements

A bug in the Rich Text Editor led to line break and other character formatting problems after saving a page. This bug has been fixed.

The sizes of some headings were considered too similar to be visually distinguishable on a page, especially when the headings were separated by intervening text content. This was particularly the case for heading sizes 2 and 3. Hence, the sizes of headings were modified to make them visually more distinct.

The format of colours used in Confluence's user profile areas has been modified slightly to make headings more prominent and form labels clearer.

The blog posts macro was missing the 'Restrict to These Authors' (author) parameter from the macro browser. This parameter is now available in the macro browser.

Other Enhancements and Fixes

Some customers' users experienced long delays while logging into Confluence, especially when their user accounts belonged to groups containing a large number of other user accounts. This issue was fixed.

Customers were able to generate Confluence page PDF exports directly from external web sites by adding the 'Export to PDF' link (accessible via a Confluence page's 'Tools' menu) to their external web pages. This function was broken by the form token handling security enhancement introduced in Confluence 3.0. The issue has been resolved in Confluence 3.0.2.

Some customers experienced an issue in which automatic content indexing would stop. This problem has been resolved.

When browsing Active Directory groups in Confluence, it was not possible to view group members if the LDAP Distinguished Names (DN) did not include the username. This bug was fixed.

There's a complete list of fixes below. Click a specific issue to see details of the fix.

Don't have Confluence 3.0 yet?

Take a look at the new features and other highlights in the Confluence 3.0 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.0.2 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

JIRA Issues (20 issues)
| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Bug | CONF-16651 | XSS vulnerability can be exploited with the pagetree macro | Blocker | Resolved | Fixed |
| Bug | CONF-16644 | XSS vulnerability can be exploited with the Userlister macro | Blocker | Resolved | Fixed |
| Bug | CONF-15440 | XSS vulnerability can be exploited with the contentbylabel macro | Critical | Resolved | Fixed |
| Bug | CONF-15108 | Session Fixation attack using JSESSIONID in Confluence | Critical | Resolved | Fixed |
| Bug | CONF-13754 | HibernateGroupManager.hasExternalMembership() is slow for group with thousands of users | Critical | Resolved | Fixed |
| Bug | CONF-16459 | PDF export link cannot be published to other sites... | Major | Resolved | Fixed |
| Bug | CONF-16428 | Saving a page can lead to round-trip errors that do not occur by just switching tabs. | Major | Resolved | Fixed |
| Improvement | CONF-15585 | Use #333 for Headings in Confluence and #666 for labels | Major | Resolved | Fixed |
| Bug | CONF-14512 | Newline lost between panel macro and table or list breaking markup | Major | Resolved | Fixed |
| Improvement | CONF-9954 | h2 and h3 are too similar in Confluence 2.6 | Major | Resolved | Fixed |
| Bug | CONF-9575 | Content Indexing stops | Major | Resolved | Fixed |
| Improvement | CONF-8148 | Cluster safety job should be made more generic and report multiple deployments with same DB as well | Major | Resolved | Fixed |
| Bug | CONF-6085 | Can't find group members of group when DN does not include username | Major | Resolved | Fixed |
| Bug | CONF-17159 | The new {code} macro puts line numbers in text when I copy/paste | Minor | Resolved | Duplicate |
| Bug | CONF-16955 | Support Entitlement Number is listed twice on the System Information page | Minor | Resolved | Fixed |
| Bug | CONF-16774 | Allow system plugins to be enabled | Minor | Resolved | Fixed |
| Bug | CONF-16089 | The blog posts macro is missing the 'author' parameter from the macro browser. | Minor | Resolved | Fixed |
| Improvement | CONF-13635 | Show permgen, xmx and xms memory settings in the System Info | Minor | Resolved | Fixed |
| Bug | CONF-16745 | Change german translation on configuration page: Am --> Ein | Trivial | Resolved | Fixed |
| Bug | CONF-16683 | superfluous `</table></div>` in /includes/common-listdecorators.vm | Trivial | Resolved | Fixed |

Click here to open a report on http://jira.atlassian.com for Resolved or Closed issues in Confluence 3.0.2.

Document generated by Confluence on Dec 10, 2009 18:41