We’re pleased to announce the April 2022 update for Workflows for Confluence has arrived 🥳
Release date: 4th April 2022
Important Update - Security Advisory
We have identified an issue where it was possible for space admins to escalate their privilege to act as space admins for other spaces or, in some cases, as global admins. By doing this, a malicious space admin could execute various functions on Workflows that they do not have access to such as deleting a Workflow or applying a Workflow to a page. It also allowed for any space admin to access Workflow data which may contain sensitive information such as webhook urls.
We have now patched this vulnerability to ensure that space admins can only execute functions within spaces where they are set as admins and we have not received any reports of this vulnerability being exploited.
What else has changed?
Added a new column to the Workflows Info table displaying a link to the version of the page for which the action was applied
Fixed an issue causing imported workflows to display the wrong space in the audit log
Fixed an issue where the ‘Last Transitioned By’ column in the Workflows Search page would always display the page creator
How to upgrade to the latest version
The update is applied automatically so you’re all set 🙌
Give us your feedback
We’d love to hear about how you are using our products and if there’s any feedback you have that can help us make them even better.
Send this to us directly via our Service Desk.