Legacy Workflows Documentation

Looks like you followed an old link.  We have revamped our Comala Workflows Documentation, check it out here: Welcome to Workflows

This space is no longer being updated.

Remote Publishing Only

This advisory concerns the Comala Workflows - Remote Publishing Add-on.   It is not applicable to main Comala Workflows Add-on.

This advisory discloses security vulnerabilities found and fixed in multiple Comalatech Add-ons.  We recommend upgrading Comala Add-ons to the latest supported version for your release of Confluence/JIRA.

 

Affected Add-onVulnerable VersionsFixed Version
Comalat Publishingup to and including 2.4.22.4.3
Canvas for JIRA Serverup to and including 1.4.11.4.2
Canvas for Confluence Serverup to and including 1.7.41.7.5
Comala Workflows - Remote Publishingup to and including 2.52.5.1

 

XSS Vulnerabilities

Severity

Comalatech rates the severity of these issues as High according to the published Atlassian Security Levels.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed several stored cross site scripting vulnerabilities.

Specific Products Fixed

  • Comala Publishing
  • Canvas JIRA Server
  • Canvas for Confluence Server

Fix

Upgrade the affected add-on to the latest supported version for your Atlassian product instance.

Comala Publishing 2.4.3

Canvas for JIRA Server 1.4.2

Canvas for Confluence Server 1.7.5

 

XSRF Vulnerabilities

Severity

Comalatech rates the severity of these issues as Medium according to the published Atlassian Security Levels.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have updated several actions to prevent cross site request forgery (XSRF) vulnerabilities.  These XSRF vulnerabilities could allow an attacker to trick users into unintentionally modifying add-on settings or taking actions if they have specific knowledge of the Atlassian product and add-on configuration.

Specific Products Fixed

  • Comala Publishing
  • Canvas for Confluence Server
  • Comala Workflows - Remote Publishing

Fix

Upgrade the affected add-on to the latest supported version for your Atlassian product instance.

Comala Publishing 2.4.3

Canvas for Confluence Server 1.7.5

Comala Workflows - Remote Publishing 2.5.

  • No labels