Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
Certain fields in admin should only be writable if there is a key in confluence.cfg.xml and it is set to true.
This is to prevent malicious Confluence administrators (as opposed to system administrators, who have filesystem-level access) from modifying settings in the admin screens which would elevate their privileges or retrieve information which they should not have access to.
Attachments
Issue Links
- causes
-
CONFSERVER-19481 Daily Backups setting is provided in the wrong configuration file
- Closed
-
CONFSERVER-21847 Text field "Site Support Address" is inactive
- Closed
-
CONFSERVER-19483 Links to the documentation should be provided for the new backup configuration settings
- Closed
- is related to
-
CONFSERVER-13763 Moving attachments may silently fail to move the actual file
- Closed