This page last changed on Feb 11, 2010 by smaddox.

20 August 2009

Confluence 3.0.1 is a recommended upgrade which fixes some security flaws and other issues.

Please refer to the security advisory for details of the security vulnerabilities, risk assessments and mitigation strategies.

Critical issue affecting non-clustered implementations of Confluence 3.0.1
Non-clustered implementations of Confluence 3.0.1 (i.e. those without a clustered license) are affected by an issue that can cause Confluence to crash. Please read the Confluence 3.0.1 Upgrade Notes for details on the issue and instructions on how to address it.

Attachment Handling Fixes

When a hierarchy of pages was moved from one space to another, the attachments on child or descendant pages of the parent page were not correctly moved. Instead, users would have to move one page at a time between spaces in order to maintain page attachment integrity. This issue has now been resolved.

Sporadic issues associated with attachment migration occurred when upgrading from either Confluence 2.9.x or 2.10.x to 3.0. These have now been fixed.

Macro Fixes

A bug was identified in which excerpted content would not be rendered in a blog post macro until the source page containing that content had first been viewed. This phenomenon could occur when excerpt include macros were used in a blog post. It could also occur when excerpt macros were used in a blog post in conjunction with the content=excerpts blog post macro parameter. This problem has now been fixed.

An issue was found with the tasklist macro whereby special characters used in its title were not correctly escaped. This has now been resolved.

Rich Text Editor Fixes

An issue was found in which the Rich Text Editor's link removal feature (available from the right-click context menu) did not work with external links. This has now been resolved.

In the Firefox web browser, the spell checker is now automatically enabled by default in the Rich Text Editor. Users no longer have to first disable the right-click context menu and then enable and select 'Check Spelling' from Firefox's own right-click context menu.

An issue was identified that prevented users from escaping the quote text effect once it had been selected. This has now been addressed: a paragraph is automatically added after selecting this text effect.

Other Enhancements and Fixes

When a Confluence administrator first installs Confluence, runs through the Confluence Setup Wizard and then reaches the database configuration step, the database password is now hidden and is no longer shown in clear text.

It is now possible to filter network RSS feeds by different content types. This is achieved by modifying the parameters of the RSS feed link in your RSS newsreader. For more information, please refer to Subscribing to a Network RSS Feed.

Some customers experienced problems importing their site backup from a previous version of Confluence into version 3.0. This has now been resolved in Confluence 3.0.1.

An issue was identified in which multiple blog posts posted on a single day would be listed out of chronological order. This has now been fixed and multiple blog posts posted on a single day are now ordered according to their time of creation.

A problem was identified when accessing Confluence content in Internet Explorer that caused file downloads to fail over an SSL connection. This problem has now been fixed in this release of Confluence.

An issue was found in the page tree views on instances of Confluence running on Weblogic 10.x. This has now been resolved.

There's a complete list of fixes below.

Don't have Confluence 3.0 yet?

Take a look at the new features and other highlights in the Confluence 3.0 Release Notes.

Upgrading from a Previous Version of Confluence

Upgrading Confluence should be fairly straightforward. Please read the Confluence 3.0.1 Upgrade Notes. We strongly recommend that you back up your confluence.home directory and database before upgrading.

Updates and Fixes in this Release

JIRA Issues (44 issues)
| Type | Key | Summary | Priority | Status | Resolution |
|---|---|---|---|---|---|
| Improvement | CONF-16218 | Add a note into the admin screen explaining that you can use wiki markup and even an include macro to put an actual page onto the dashboard. | | Resolved | Fixed |
| Improvement | CONF-15997 | Invalid error message when Updating status and session expired | | Resolved | Fixed |
| Improvement | CONF-15995 | User Profile page does not indicate why name and e-mail address is uneditable when LDAP integrated. | | Resolved | Fixed |
| Bug | CONF-16141 | Directory traversal in Profile Picture path - leads to privilege escalation in < 3.0 | Blocker | Resolved | Fixed |
| Bug | CONF-16136 | XSS vulnerability can be exploited on the WebDAV Configuration page | Blocker | Resolved | Fixed |
| Bug | CONF-16135 | XSS vulnerability in space name when page move would create a duplicate | Blocker | Resolved | Fixed |
| Bug | CONF-16348 | Attachment File Not Found - in children pages when a page is moved to another space | Critical | Resolved | Fixed |
| Bug | CONF-16019 | XSS vulnerability when moving page between spaces | Critical | Resolved | Fixed |
| Bug | CONF-16509 | Upgrading from any version before 2.9 to 3.0 doesn't migrate attachments and/or breaks custom space logos | Major | Resolved | Fixed |
| Bug | CONF-16466 | Attachment migration from 2.10 to 3.0 fails | Major | Resolved | Fixed |
| Task | CONF-16420 | Update PDF export plugin to be compatible with new cluster/cache architecture | Major | Resolved | Fixed |
| Task | CONF-16311 | Build a Standard Edition of Confluence 3.0 (without Coherence) | Major | Resolved | Fixed |
| Bug | CONF-16225 | Some bundled themes don't support web resource injection | Major | Resolved | Fixed |
| Bug | CONF-16209 | XSS in PDF screen | Major | Resolved | Fixed |
| Bug | CONF-16084 | Cannot filter a network feed by contentType | Major | Resolved | Fixed |
| Bug | CONF-16016 | The JIRA Issues Macro in the Macro Browser is missing two parameters - "renderMode" and "baseurl". | Major | Resolved | Fixed |
| Bug | CONF-16014 | Blog Posts Macro only renders excerpts if target page has been rendered | Major | Resolved | Fixed |
| Bug | CONF-16005 | The Favourite Pages Macro in the Macro Browser is missing its "Maximum Number of Results" parameter. | Major | Resolved | Fixed |
| Bug | CONF-15970 | XSS in user links | Major | Resolved | Fixed |
| Bug | CONF-15940 | Server Base URL not set when sending a support request email... | Major | Resolved | Fixed |
| Bug | CONF-15923 | Unlink in RTE doesn't work for external links | Major | Resolved | Fixed |
| Bug | CONF-15908 | Tasklist macros double escaping titles in IE | Major | Resolved | Fixed |
| Bug | CONF-15788 | Unable to import site backup during set up of Confluence 3.0 | Major | Resolved | Fixed |
| Bug | CONF-15751 | Cursor jumps to beginning of the page from new paragraph after cancelling the Macro Browser on Firefox | Major | Resolved | Fixed |
| Bug | CONF-15722 | The DynamicTaskList2 plugin provides an explicit description making it impossible to internationalise | Major | Resolved | Fixed |
| Bug | CONF-15701 | Passwords are visible when configuring database | Major | Resolved | Fixed |
| Bug | CONF-15610 | New look for user email preferences needs its layout fixed | Major | Resolved | Fixed |
| Bug | CONF-15001 | Firefox 3 does not enable the spell checker on the comment text area by default | Major | Resolved | Fixed |
| Bug | CONF-14276 | Unable to create renderer-component module in plugins2 | Major | Resolved | Fixed |
| Bug | CONF-13702 | Session must not be invalidated on logout | Major | Resolved | Fixed |
| Bug | CONF-13482 | Can't get out of blockquote format in the rte | Major | Resolved | Fixed |
| Bug | CONF-12576 | Duplicate friendly cache names which result in cache statistics not being visible | Major | Resolved | Fixed |
| Bug | CONF-10607 | Blog posts appear in wrong order | Major | Resolved | Fixed |
| Bug | CONF-8098 | User browser shows duplicate accounts when a user exists both locally and in LDAP | Major | Resolved | Fixed |
| Bug | CONF-16552 | Renaming the ehcache config file fails on windows | Minor | Resolved | Fixed |
| Bug | CONF-16037 | Misleading message when removing page permissions through info page | Minor | Resolved | Fixed |
| Bug | CONF-16017 | The JUnit Macro in the Macro Browser is missing one parameter - "debug". | Minor | Resolved | Fixed |
| Bug | CONF-15948 | Parameters passed to jQuery extend method are in wrong order | Minor | Resolved | Fixed |
| Bug | CONF-15920 | User Hover is not working for a username which contains plus characters | Minor | Resolved | Fixed |
| Bug | CONF-15152 | Images with mimetypes that do not match extension cannot be used as thumbnails | Minor | Resolved | Fixed |
| Bug | CONF-14592 | Macro Browser icons have tooltips showing in IE | Minor | Resolved | Fixed |
| Bug | CONF-12292 | Draft Page Titles not displaying | Minor | Resolved | Fixed |
| Bug | CONF-16028 | Typo in log4j.properties | Trivial | Resolved | Fixed |
| Bug | CONF-15696 | Context menu toggle icon loses the tick when an anonymous user switches to full-screen view | Trivial | Resolved | Fixed |

A report on Resolved or Closed issues in Confluence 3.0.1 is available at http://jira.atlassian.com.

Document generated by Confluence on Mar 16, 2011 18:40