This page last changed on May 03, 2010 by smaddox.
This release fixes some security flaws. Please refer to the security advisory for details of the security vulnerabilities, risk assessment and mitigation strategies.

4 May 2010

Confluence 3.2.1 is a recommended upgrade which fixes some security flaws and other bugs.

As part of the security update we have made changes to Confluence functionality, including some parts of the Administration Console. Please refer to the security advisory for a summary of changed behaviour. We have updated the documentation where relevant.

We have also fixed a bug that caused an out-of-memory error when attempting to display an Excel spreadsheet on a Confluence page. Before this fix, the error could occur if the spreadsheet had a large number of empty cells. Confluence now limits the number of spreadsheet cells it will display. By default, the maximum is 10000 cells. The Confluence administrator can adjust this value in the Office Connector configuration screen, as described in the documentation.

Purging items from a space's trash can was very slow and blocked all other database updates. This is now fixed.

A bug introduced in Confluence 3.2 prevented people from adding a page when using the Left Navigation theme. We have fixed this too.

In Confluence 3.2, we mistakenly introduced the words 'Needs to be updated' into the French and German translations of the UI text in the Left Navigation theme. We have now removed the extra text. The UI wording is still in English, not translated into French or German, but at least it no longer calls attention to this fact.

Don't have Confluence 3.2 yet?

Take a look at the new features and other highlights in the Confluence 3.2 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.2.1 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

JIRA Issues (30 issues)
| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Improvement | CONF-19398 | SOAP and XML-RPC APIs return too much information | | Resolved | Fixed |
| Improvement | CONF-19397 | Path for daily backup is configurable through WEB UI | | Resolved | Fixed |
| Improvement | CONF-19393 | Remove the download link for XML site backups | | Resolved | Fixed |
| Improvement | CONF-19331 | Allow write configuration of certain fields in administration section | | Resolved | Fixed |
| Bug | CONF-19441 | XSS in page renderer | Blocker | Resolved | Fixed |
| Bug | CONF-19404 | XSS vulnerability in some JSPs under admin section | Blocker | Resolved | Fixed |
| Bug | CONF-19403 | XSS vulnerability in Advanced Macros plugin | Blocker | Resolved | Fixed |
| Bug | CONF-19382 | XSS vulnerability in search | Blocker | Resolved | Fixed |
| Bug | CONF-19381 | XSS Bookmark vulnerabilities | Blocker | Resolved | Fixed |
| Bug | CONF-19402 | Only strings are encoded | Critical | Resolved | Fixed |
| Bug | CONF-19388 | Possible XSS injection in attachment upload | Critical | Resolved | Fixed |
| Bug | CONF-19384 | XSS vulnerability in Colour Scheme settings | Critical | Resolved | Fixed |
| Bug | CONF-19416 | Semi-colon separator used to work for image properties, but doesn't in 3.2.1 which causes broken images on CAC | Major | Resolved | Not a bug |
| Bug | CONF-19401 | BootstrapManager exposed in layout templates should be read only | Major | Resolved | Fixed |
| Bug | CONF-19395 | The list of Confluence administrators is accessible via a URL | Major | Resolved | Fixed |
| Bug | CONF-19142 | Can't add pages while using Left Nav theme in Confluence 3.2 | Major | Resolved | Fixed |
| Bug | CONF-18972 | Searching for a link using auto-complete replaces your link text with the search result | Major | Resolved | Fixed |
| Bug | CONF-18626 | UWC Link in Confluence Administration is broken | Major | Resolved | Fixed |
| Bug | CONF-17718 | Downloading a .docx file in IE7/WinXP gives it a .zip extension (technically true but the average end-user wouldn't know that). | Major | Resolved | Fixed |
| Bug | CONF-15946 | I18NBean getText method spamming EAC logs | Major | Resolved | Fixed |
| Bug | CONF-14677 | Jira portlet macro contains huge gap | Major | Resolved | Fixed |
| Bug | CONF-19392 | Mail support request accepts any e-mail address | Minor | Resolved | Fixed |
| Bug | CONF-19391 | Anonymise config files in support zip | Minor | Resolved | Fixed |
| Bug | CONF-19390 | Not all error strings are encoded | Minor | Resolved | Fixed |
| Bug | CONF-19159 | Prevent NPE being thrown on recently updated dashboard. | Minor | Resolved | Fixed |
| Bug | CONF-19073 | Print footer got lost in new footer for 3.2 | Minor | Resolved | Fixed |
| Bug | CONF-19045 | Downloading an Excel Microsoft Office 2007 file in IE7/WinXP gives it a .zip extension. | Minor | Resolved | Fixed |
| Bug | CONF-19028 | Fixed Width Theme: Attachments macro content overlaps the personal space sidebar on IE7 | Minor | Resolved | Fixed |
| Bug | CONF-18887 | Indexing excel files with lots of cells can lead to OOM errors | Minor | Resolved | Fixed |
| Bug | CONF-17292 | Previewing Excel files with thousands of rows and/or columns can result in OutOfMemoryError | Minor | Resolved | Fixed |

Document generated by Confluence on Mar 16, 2011 18:39