I have a question about the recent advisory.
If the maintenance period has expired, how can we protect ourselves from the vulnerability without renewing the license?
The advisory does contain mitigation steps if you're unable to upgrade:
If you are unable to upgrade Confluence immediately or are in the process of migrating to Confluence Cloud, then as a temporary workaround you can use the
atlassian.confluence.export.word.max.embedded.imagessystem property to set the maximum number of images to include in Word exports to zero. This will prevent images from being embedded in Word exports.
You'll want to read the full steps for applying this in the Mitigation section of the advisory as the exact steps depend on what operating system you're running on.
Depending on your Confluence version, you'll also want to view mitigation steps for two other security advisories released earlier this year:
As we continue to invest in security research, it may be worthwhile to evaluate renewing your support maintenance to get access to the latest bugfix releases. We've been lucky so far that security researchers have found easy-to-remediate items, but that's no guarantee that it will always be like this in the future.
Daniel | Atlassian Support
- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events