Summary 🌟
In this release,
New Features
SSO verified domains NEW
We have implemented verified domains in External Share for Confluence.
Improvements
Improved header IMPROVED
In Confluence pages, the header layout was static; it now adjusts smoothly to various screen sizes. On mobile devices, it has a clean layout with links, buttons, a subscribe button, and an edit page feature.
- ESFC-755
- ESFC-753
- ESFC-746
- ESFC-738
Bug Fixes
Fixed incorrect characters in page FIXED
Resolved an issue where page names in the Activity Tab appeared with incorrect characters, such as "@". Additionally, the dropdown menu was non-functional, preventing users from selecting page suggestions. Both issues have been addressed.
- ESFC-752
Resolved unauthorized access to private space activity logs FIXED
Fixed a vulnerability where lower-privileged users could access the activity logs of private space shares, potentially exposing sensitive information. Access controls have been strengthened to ensure that only authorized users can view this data.
- ESFC-750
Fixed cross-tenant vulnerability allowing regeneration of external share secrets FIXED
Addressed a security issue where attackers could regenerate unlock secrets for external shares belonging to another tenant, causing JWT tokens to become invalid. This issue has been corrected.
- ESFC-745
Fixed open redirect vulnerability FIXED
A vulnerability allowing attackers to redirect users to malicious websites using the data parameter in the login URL has been patched. This closes the loophole for phishing attacks through external share login redirects.
- ESFC-744
Resolved stored XSS in API Key Usage page via User-Agent header FIXED
Fixed a stored XSS vulnerability where an attacker could inject malicious payloads into HTTP headers on the API Key Usage page. The vulnerability has been mitigated to prevent arbitrary JavaScript execution in the administrator’s browser.
- ESFC-743
Fixed infinite loading screen when exporting CSV from Global Settings FIXED
Resolved an issue where attempting to export a CSV file from the global settings page would result in an infinite loading screen. This was caused by the system trying to download too many Confluence pages at once. The export limit has been reduced from 500 to 100 pages, ensuring smooth CSV exports.
- ESFC-742
Fixed external shared link being cut off in edit mode FIXED
Addressed a display issue where inserting an external share URL in edit mode would cause the URL window to be cut off. The window is now fully visible during editing.
- ESFC-723
Fixed jittering in the comment tab on shared pages FIXED
Solved an issue where the comment tab would jitter on shared pages. The tab now loads smoothly, and improvements were made to prevent white flashes when loading the edit view, particularly in dark mode.
- ESFC-393