Atlassian warns of critical security flaw
Confluence customers urged to upgrade
Atlassian has warned of a critical security flaw in its Confluence product.
All versions of Confluence up to and including 4.1.9 are at risk, the company says, thanks to what it calls an “XML parsing vulnerability” that could lead to “denial of service attacks against the Confluence server” or allow intruders to “read all local files readable to the system user under which Confluence runs.”
Atlassian has provided fixes for all major versions of Confluence that are supported – 3.5.x, 4.0.x and 4.1.x. Hence, customers do not have to upgrade to 4.2 to fix the vulnerability.
Atlassian has posted a mitigation procedure, but warns the actions it recommends “will only limit the impact of the vulnerability … not mitigate it completely.” ®
Am I the only one?
Did anyone else misread that as Alsatian jump to a conclusion it was a story about sniffer dogs?
... not only do you have to PAY for the fix (if you are beyond your licence period), version 4 is also the one where they took out the markup editor..... fantasitic.... Confluence is not the only fruit...