Upgrading to 5.5.1 from 5.4.3 didn't update xwork from 1.13 to 1.17

      We recently upgraded our instance following your security advisory. It was discovered shortly after the upgrade that the xwork file that was vulnerable (1.13) was not upgraded to the safe version (1.17). This could have just been specific to our instance but you should check your upgrade process and see if the correct file is bundled and the update process is actually updating it.

            [CONFSERVER-33729] Upgrading to 5.5.1 from 5.4.3 didn't update xwork from 1.13 to 1.17

            Matt Ryall added a comment -

            This is a general problem with the release, Steve. Thanks very much for bringing it to our attention.

            We've built and released Confluence 5.5.2 today, with the correct version of XWork bundled, and will be updating our advisories accordingly. We'll also be contacting customers who downloaded 5.5.1 to let them know of the changes.

            It is very concerning that we could release the version without the issue being completely fixed, and we'll be reviewing our internal development and release procedures to make sure that this cannot happen again.

            Thanks again for reporting this, and sorry for the confusion and inconvenience.

            Matt Ryall added a comment -

            Thanks for reporting this, Steve. We're looking into it.

              shaffenden Steve Haffenden (Inactive)
              4c44925d5073 Steve Goldberg