Confluence administrators (who are not necessarily sys admins) can configure whitelist

XMLWordPrintable

    • Type: Bug
    • Resolution: Not a bug
    • Priority: Medium
    • None
    • Affects Version/s: 2.10
    • Component/s: None
    • Environment:

      Atlassian Confluence 2.10-m5

      A user who has the "Confluence Administrator" permission, but not necessarily the "System Administrator" permission, can configure the new URL whitelist (for the HTML-include and RSS macros). Is this good enough, from a security point of view?

              Assignee:
              Unassigned
              Reporter:
              SarahA
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: