This page last changed on Nov 27, 2007 by smaddox.

27 November 2007

Atlassian is proud to announce the release of Confluence 2.6.2. This is a highly recommended upgrade, because it fixes some security flaws which may affect Confluence instances in a public environment. These flaws are XSS (cross-site scripting) vulnerabilities in some of Confluence's macros and Wiki Markup, which potentially allowed a user to insert malicious HTML tags or script into a Confluence page. Please refer to the Security Advisory for details.

This point release also includes more than 20 other fixes and improvements.

As part of our drive to tighten up the security in Confluence, we have removed support for the 'style' attribute in the Wiki Markup for images. This was an undocumented feature, which is now no longer available. To help those who may have used the 'style' tag to add coloured borders, we have added a new 'bordercolor' attribute to the image markup.

The PDF and HTML space exports are now more reliable than in Confluence 2.6.0 and 2.6.1. We've fixed the failure to send daily digest email notifications. (This problem occurred when the Confluence instance contained draft pages.) This release also contains some improvements in the wiki's support of internationalisation. And you'll be delighted to see that the plus and minus buttons are back, next to the 'Recently Updated' section of the Dashboard – so you can now increase or decrease the number of items you see in that section.

There's a complete list of fixes below. You can download Confluence 2.6.2 from the download centre.

Upgrading from a previous version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the upgrade instructions. We strongly recommend that you back up your confluence.home directory and database before upgrading!

Updates and fixes in this release

Errors were reported by the JIRA trusted connection.

  • APP_UNKNOWN; Unknown Application: {0}; ["confluence:4557196"]
JIRA Issues (26 issues)
Type Key Summary Priority Status Resolution
Bug CONF-10042 log4j references ConfluenceHomeLogAppender class that does not exist in 2.6.1 Critical Resolved Fixed
Task CONF-10008 Document bordercolor attribute on wiki markup for images Minor Resolved Fixed
Bug CONF-9975 error saving new or existing documents when using the Rich Text Editor Major Resolved Fixed
Bug CONF-9890 Typo in the Wiki Notation guide - {{monspaced}} Minor Resolved Fixed
Bug CONF-9877 CustomCJKAnalyzer does not work with JDK 1.6 Major Resolved Fixed
Bug CONF-9873 Concurrent Modification Exception caused when accessing a space in clustered version of Confluence Major Resolved Fixed
Improvement CONF-9866 Replace System.out, System.err and printStackTrace references with logging Major Resolved Fixed
Bug CONF-9807 On the Administrators page e-mail addresses are shown "mailto:user@domain.com" instead of "user@domain.com" Major Resolved Fixed
Task CONF-9804 Move the XFire dependency for Crowd from 1.2.1 to 1.2.6 Major Resolved Fixed
Bug CONF-9803 Open source Confluence system and bundled plugins Critical Closed Fixed
Bug CONF-9781 Duplicate Webwork JAR in Confluence 2.6-stable Major Resolved Fixed
Bug CONF-9773 Image thumbnail links on dashboard recently updated don't use context path in URL Minor Resolved Fixed
Bug CONF-9771 NullPointerException when exporting space on Websphere and JBoss Major Resolved Fixed
Bug CONF-9770 Recent Changes on dashboard doesn't display plus/minus buttons to resize list Major Resolved Fixed
Bug CONF-9701 Daily report job not being generated when using drafts Major Resolved Fixed
Bug CONF-9659 PDF space export failing in Resin 3.x due to incorrect handling of HttpServletRequest Major Resolved Fixed
Bug CONF-9350 Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence Critical Resolved Fixed
Bug CONF-9299 Tiny Link can generate URLs ending with punctuations (which outlook doesn't like) Major Resolved Fixed
Improvement CONF-9258 Incorrect search results for single and double-byte Japanese strings Critical Resolved Fixed
Bug CONF-9238 Annonymous group loses view permission Critical Resolved Fixed
Bug CONF-8495 "Find Groups" Popup not working in IE Major Resolved Fixed
Bug CONF-7750 extractBundledPlugins Found atlassian-bundled-plugins.zip, but failed to read file Critical Resolved Fixed
Bug CONF-7680 Non-internationalised UI text in comments and space rss links Major Resolved Fixed
Bug CONF-7601 Images produced by macro plugins like Gliffy are not generated into .doc or .html exports Major Closed Fixed
Bug CONF-7362 captcha.response.empty key given when user cancels Major Resolved Fixed
Bug CONF-3427 PDF export doesn't handle {color} tag properly Minor Resolved Fixed

Document generated by Confluence on Dec 10, 2009 18:42