Summary 🌟
In this release,
New Features 
...
we have improved CSV export functionality, introduced "Show Author" option with separate controls. We also fixed several bugs, including issues with incorrect characters in page names, vulnerabilities in external shares. Additionally, display issues and stability in the comment tab on shared pages were resolved for better user experience.
...
Improvements
Increased CSV export row limit
...
...
We have implemented verified domains in External Share for Confluence.
Improvements
We improved the CSV export functionality by increasing the maximum number of rows that can be exported.
Improved “Show Author” Option
In Confluence page, header layout was static but now adjusts smoothly to various screen sizes. On mobile devices, it has a clean layout with links, buttons, a subscribe button, and an edit page feature.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-755 |
|---|
|
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-753 |
|---|
|
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-746 |
|---|
|
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-738 |
|---|
|
the Customize tab, the “Show Author” option is now split into “Show Avatar” and “Show Author Info”, allowing users to hide avatars but still display the author's name.
...
Bug Fixes
Fixed incorrect characters in page
Resolved We have fixed an issue where page names in the Activity Tab appeared with incorrect characters, such as "@". Additionally, the dropdown menu was non-functional, preventing users from selecting page suggestions. Both issues have been addressed.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-752 |
|---|
|
Resolved unauthorized access to private space activity logs
Fixed a vulnerability where lower-privileged users could access the activity logs of private space shares, potentially exposing sensitive information. Access controls have been strengthened to ensure that only authorized users can view this data.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-750 |
|---|
|
Fixed cross-tenant vulnerability allowing regeneration of external share secrets
Addressed a security issue where attackers could regenerate unlock secrets for external shares belonging to another tenant, causing JWT tokens to become invalid. This issue has been corrected.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-745 |
|---|
|
Fixed open redirect vulnerability
A vulnerability allowing attackers to redirect users to malicious websites using the data parameter in the login URL has been patched. This closes the loophole for phishing attacks through external share login redirects.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-744 |
|---|
|
Fixed a stored XSS vulnerability where an attacker could inject malicious payloads into HTTP headers on the API Key Usage page. The vulnerability has been mitigated to prevent arbitrary JavaScript execution in the administrator’s browser.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-743 |
|---|
|
...
resolved.
Fixed infinite loading screen
Resolved an issue where attempting When users try to export a CSV file from the global settings page would result in , an infinite loading screen appeared. This was caused by the system trying to download too many Confluence pages at once. The export limit has been reduced from 500 to 100 pages, ensuring smooth CSV exports.
| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-742 |
|---|
|
...
fixed and fetching data mechanism was improved.
Fixed external shared link issue
Addressed We addressed a display issue where inserting an external share URL in edit mode would cause the URL window to be cut off. The Now, the window is now fully visible during editing.| Jira Legacy |
|---|
server | System Jira| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
| key | ESFC-723 |
|---|
...
Solved We fixed an issue where the comment tab would jitter on shared pages was unsteady. The tab It now loads smoothly, and with additional improvements were made to prevent white flashes when loading the edit view, particularly especially in dark mode.| Jira Legacy |
|---|
| server | System Jira |
|---|
| serverId | b66650ca-af1e-397f-81f5-9d94924a0a26 |
|---|
key | ESFC-393Fixed vulnerabilities
We have fixed vulnerability where attackers could regenerate information for external shares.
Fixed an XSS vulnerability where attackers could inject malicious code on the API Key Usage page.
A vulnerability allowing attackers to redirect users to malicious websites through the login URL has been fixed.
Fixed a vulnerability where lower-privileged users could access the activity logs of private space shares.
