Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

workaround for the Concerning Widget Connector vulnerability (CVE-2019-3396)

jannachang
jannachang April 29, 2019

Please help me to understanding the wording in your Mitigation paragraph in this web page "https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html?_ga=2.124535434.1642029173.1555298192-1031304759.1473500844"

If you disable the WebDAV plugin, you will not be able to connect to Confluence using a WebDAV client. Disabling this plugin will also automatically disable the Office Connector plugin, which means Office Connector features such as Import from Word, and Edit in Office will not be available. Note that because WebDAV is not required toedit files from Confluence 6.11 and later, you will still be able to edit files in those versions. 

 

Question: 

What do you mean  "from Confluence 6.11 and later, you will still be able to edit files in those versions" ?

Do you mean that in 6.11 and later revision,

I can still edit the files in word format, given WebDEV plugin is disabled ?

Or, do you mean

I do not need to disable WebDEV if I am using 6.11 or later revision ?

 

The reason I am asking is because

I could NOT edit the word files I imported earlier, after I upgraded to the 6.14.1 revision with the WebDEV plugin disabled.

 

Thanks you,

 

Regards,

 

Janna

 

Answer
Watch
Like Be the first to like this
484 views

1 answer

1 accepted

0 votes
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 1, 2019

Hi Janna,

You should still have the WebDAV plugin disabled if you are not on a version of Confluence where the vulnerability has been patched. If you are still on Confluence 6.14.1, you should leave the plugin disabled as that version is not patched against the vulnerability.

What the paragraph is referring to when it talks about "6.11 and later" is the Atlassian Companion app. Atlassian Companion is a helper program you run on your local desktop that helps your operating system figure out what do to when you're trying to open attachments in Confluence. It doesn't use WebDAV to function, so if you have the Atlassian Companion application installed, you should still be able to edit files. This article contains more information about the Atlassian Companion.

Cheers,
Daniel | Atlassian Support

View More Comments
jannachang
jannachang May 3, 2019

got it. thank you for help.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.