-
Bug
-
Resolution: Fixed
-
High
-
None
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.
Whilst removing a connect security vulnerability (ACDEV-514, ACDEV-516 ) we have encountered an obstacle in Confluence that prevents us completing this work and therefore closing this serious security hole.
Confluence currently assumes that the image placeholders are served out of confluence. For connect we require them to be able to be served out of the Addon.
The offending line is
CustomImageEditorMacroMarshaller line 104
writer.writeAttribute("src", context + imgUrl);
For connect we need this to not prepend with context for absolute URLs
- is related to
-
CONFSERVER-31585 Add support for absolute Image placeholder URLs
- Closed