TechRadar

for Confluence Server 5.6 - 7.13.20 and more
66 installs

We no longer offer sales and support for server apps. You can stay connected by exploring the migration options to either the cloud or Data Center version of this app.

Versions

Version 1.2 (Confluence Server 5.6 - 7.13.20)

Released: Aug 23rd 2021

Summary

Added Markdown support; fixed a possible XSS script injection

Details

This release fixes a vulnerability that made it possible to inject JavaScript code into the title of a tech radar. We recommend updating the app as soon as possible. The description of the tech radar now also allows Markdown syntax.

You can find more details about the vulnerability CVE-2021-37412 here:

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-040.txt

We thank the security researcher for reporting this vulnerability to us. This security vulnerability was found by Ulrich Braun of SySS GmbH.

E-Mail: Ulrich.Braun@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Ulrich_Braun.asc
Key ID: 0x8D0BCE93155A9EC5
Key Fingerprint: BE5B 3FBE 585F 129E 5ACD 8672 8D0B CE93 155A 9EC5