The Register® — Biting the hand that feeds IT

Feeds

Atlassian warns of critical security flaw

Confluence customers urged to upgrade

  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Atlassian has warned of a critical security flaw in its Confluence product.

All versions of Confluence up to and including 4.1.9 are at risk, the company says, thanks to what it calls an “XML parsing vulnerability” that could lead to “denial of service attacks against the Confluence server” or allow intruders to “read all local files readable to the system user under which Confluence runs.”

Atlassian has provided fixes for all major versions of Confluence that are supported – 3.5.x, 4.0.x and 4.1.x. Hence, customers do not have to upgrade to 4.2 to fix the vulnerability.

Atlassian has posted a mitigation procedure, but warns the actions it recommends “will only limit the impact of the vulnerability … not mitigate it completely.” ®

Agentless Backup is Not a Myth

Latest Comments
Anonymous Coward

Am I the only one?

Did anyone else misread that as Alsatian jump to a conclusion it was a story about sniffer dogs?

0
0
Anonymous Coward

Oh Great.....

... not only do you have to PAY for the fix (if you are beyond your licence period), version 4 is also the one where they took out the markup editor..... fantasitic.... Confluence is not the only fruit...

0
0

More from The Register

 breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
 breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
 breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
 breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
 breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
 breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving