whilst NOT vulnerable to the recent CVE, the log4j dependencies in SU were left arbitrarily defined by the platform, this update explicitly depends on 1.2.17-atlassian-13 for avoidance of doubt.
CollapsedExpanded2.5.3Confluence Server 6.13.0 - 7.17.52021-12-15log4j dependencies now explicitly declared
whilst NOT vulnerable to the recent CVE, the log4j dependencies in SU were left arbitrarily defined by the platform, this update explicitly depends on 1.2.17-atlassian-13 for avoidance of doubt.
CollapsedExpanded2.5.2Confluence Data Center 6.13.0 - 7.15.32021-06-28Update link to JSM support portal
SU was blocking ANY SU to an admin or system admin. Many customers have now asked for the ability to sideways-SU from one admin to another admin, or from one system-admin to another. At the same time, we still block upwards SU to prevent privilege escalation.
CollapsedExpanded2.2.4Confluence Server 6.0.1 - 6.3.42017-06-09Minor bugfix
when an authorized user (sys admin or configured via confluence group) uses the keyboard shortcut 'g u' they can again search for a user to SU to, restrictions apply, preventing SU to admin roles.
CollapsedExpanded2.1.1Confluence Server 5.9.1 - 5.9.142016-01-14Bugfix for vendor licenses