Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-19393

Remove the download link for XML site backups

    XMLWordPrintable

    Details

    • Feedback Policy:
      We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      Currently Confluence allows easy download of XML site backups. This could be considered a security risk. This issue introduces a flag in the Confluence_cfg.xml that allows system administrators to turn this feature on or off. By default it is off meaning that the link will not be displayed. The flag admin.ui.allow.manual.backup.download can be changed to true to enable the link again. A restart of Confluence is needed after this flag has changed. The severity of this issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for other security related issues and information on how we rate issues.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            dkjellin Daniel
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: