Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Unexpected Consequence of Confluence CVE

Deleted user Apr 02, 2019

Hey all,

I have a question relating to the side-effects of the mitigation of this Confluence CVE. Specifically, the inability to see thumbnails of attached files after disabling the 'webDAV' plugin. This occurs when disabling webDAV also disables the 'Office Connector' plugin as a result. Office connector contains the modules which allow Confluence to display thumbnails on pages.

Which modules of office connector interact with the webDAV plugin?

If I were to enable the 'viewdoc', 'viewxls', 'viewppt', and 'viewpdf' modules and have the rest of the office connector modules disabled would this stop the vulnerability from affecting the Confluence instance while still allowing for thumbnails to be present?


I think the short version of this question we are trying to answer, is,

Can we safely keep the 'viewdoc', 'viewxls', 'viewppt', and 'viewpdf' modules of the Office Connector system plugin enabled?

lauren Atlassian Team Apr 05, 2019

Hey @[deleted] and @Simon Merrick

Sorry for the delay here! Asking internally and will get back to you as soon as I can. 

Like Simon Merrick likes this

Thanks for your response Lauren, we are also currently following this thread on the partners portal.

There was a suggested workaround to programmatically replace all the Office Connector macros with the File Preview macro, but we are really looking to cause the least impact on the customers systems as this is all only temporary until the upgrade it completed.

lauren Atlassian Team Apr 08, 2019

Hey @Simon Merrick !

Firstly, we do recommend disabling the WebDAV plugin as a temporary measure only until you can complete an upgrade.

Disabling the WebDAV plugin will cause the “Edit in Office” button on attachment previews to stop functioning. It will also cause the following macros to stop working: viewdoc viewxls viewppt viewpdf. These macros should all be replaced with the File Preview macro. This can be done in bulk for your entire Confluence instance by following the SQL instructions on this KB article. It sounds like you might have read about this in the thread!

DO NOT re-enable the Office Connector plugin as this will also re-enable WebDAV. Re-enabling Office Connector will re-expose your instance to the vulnerability. Instead, bulk-migrate the office connector macros to the File Preview macro as described in the KB article.

cc @Eaniel Deads 

Daniel Eads Atlassian Team Apr 08, 2019

Hey Simon,

Also wanted to add some additional context about the modules you mentioned. Because of the linked dependencies, you cannot safely re-enable the Office Connector plugin at all while keeping the WebDAV plugin disabled. As soon as you try to re-enable the Office Connector plugin to disable the other modules, the WebDAV plugin will be re-enabled as well. You will need to refresh the UPM to see this occur, but it cannot be safely done.

Thanks for the clarification Daniel and Lauren. For clarity, I created the configuration I was trying to describe in a local atlas-sdk instance.

Based on @Daniel Eads response, though, I think we will put a rest to this line of questioning and focus on expediting the upgrade process for all of our customers.

Thanks for your help team.


Screen Shot 2019-04-09 at 9.05.26 AM.pngScreen Shot 2019-04-09 at 9.06.39 AM.png


Log in or Sign up to comment

Atlassian Community Events