Release notes 1.8.3 - Cloud

Owned by Sunita Patro
Nov 20, 2024
1 min read

Release date: November 18, 2024

Our team is excited to announce the release of the HTML for Confluence app, version 1.8.3.

In this release we have fixed following SSRF (Server-Side Request Forgery) security vulnerability reported by CrowdStrike as part of bugcrowd program.

Relative URLs in the Profile HTML data source are not properly concatenated to the configured profile host. The secret session headers can be leaked when the top domain is set to request an attacker controlled server.

Credits

Thank you our valuable customers!

We want to thank you, our incredible, supportive customers, for using our apps. You have provided great feedback and want you to know that you truly are the reason why we build software!


Find answers from the community.

Ask a question to the community.

Log a request with our support team.

Confluence®, Jira®, Atlassian Bamboo®, Bitbucket®, Fisheye®, and Atlassian Crucible® are registered trademarks of Atlassian®
Copyright © 2005 - 2024 Appfire | All rights reserved. Appfire™, the 'Apps for makers™' slogan and Bob Swift Atlassian Apps™ are all trademarks of Appfire Technologies, LLC.

Unable to render {include} The included page could not be found.