New in this release

  • Fixed a medium-severity XSS vulnerability. We recommend updating the app to version 3.5.4.
  • Minor bug fixes and updates

You can read more information about our security advisory regarding this fix in our documentation.

Summary

You may be affected if you have Handy Macros for Confluence, version 3.5.3 or earlier, installed.

After updating this app to Handy Macros for Confluence, version 3.5.4 or later, your instance is no longer affected by this security issue.

Severity

Stiltsoft Europe rates the severity level of this issue as medium because it can be exploited by any user with edit page permissions.

We've rated this bug with a CVSS score of 6.4 (Medium).

This is the Stiltsoft Europe baseline assessment. We recommend that you evaluate how the issue applies to your own IT environment.

Steps we've taken to fix this issue

  • Released updates with the vulnerability fix for the Handy Macros for Confluence app on the Atlassian Marketplace

Steps you need to perform

  • A Confluence administrator needs to upgrade any affected Handy Macros for Confluence app version to version 3.5.4 or later.

  • You do not need to update pages with Handy Macros for Confluence after the fixed version has been installed.

Have questions?

We recognize the inconvenience that resulted from this issue. Our team is always glad to provide any assistance required to minimize your efforts and support you.

If you have any questions or want support in fixing the issue, please let us know. We are happy to advise you or arrange a short call to help you.