Patching for WebDAV and Widget Connector vulnerabilities - outside of paid maintenance

Marta Mu
April 2, 2019

Hi All,

I am responsible for a small Confluence installation for my Team. I am not very technical and Confluence is just a tool which we find handy but have no expertise in. 

I have now run into a wall and am hoping someone here can help.

We are running Confluence 6.7.3 server. Our maintenance period has run out in September 2018 and we were not planning to extend it any time soon. As per this page https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html on the WebDAV and Widget connector vulnerabilities I could potentially use any of these versions to fix the problem: 6.14.2, 6.13.3, 6.6.12.

However, 6.14.2, 6.13.3 are outside of my maintenance and it was confirmed by Atlassian Help Center I cannot use them. Now, 6.6.12 is below my current version and there is no procedure for downgrading. Using a backup from the time we upgraded is out of the question as it is 6 months old and a lot of new content was created in the meantime.

For the moment I used the recommended workaround (disabled the plugins), but it has impacted some of the functionalities we use daily.

The question is whether buying a new maintenance (or new license -> anyway having to pay) is the only thing I can do to make our Confluence OK? Are there any other options?

1 answer

Answer accepted
Daniel Eads
Atlassian Team
April 13, 2019

Hey Marta,

I've checked the details on your license and as you found in your support ticket, your maintenance expired before we released patched versions of Confluence. Downgrading to 6.6 isn't something I wouldn't recommend attempting (as you concluded also, since we don't publish info to do it!)

Having been working on this specific security advisory with a lot of folks on Community, I can confirm that there aren't other stable long-term options than renewing your maintenance and upgrading to a new version. Disabling the plugins does work as a mitigation technique, but you've already found that it is inconvenient to users (especially the Office Connectors being disabled along with WebDAV). People like to be able to look at Excel documents easily!

You can check to see how much a renewal for your Confluence support license will be by clicking "Renew" on it at my.atlassian.com. Then I'd recommend going to one of the most recent versions, at least up to:

If you need any help or have questions about upgrading, we're here for you!

Cheers,
Daniel

Marta Mu
April 15, 2019

Hey Daniel,

I cannot say I like the answer :-( but thanks for taking the time to respond. I really appreciate this. 

Cheers, 

Marta
