We are thrilled to announce that we’ve released a new version of Include GitHub for Confluence on . πŸŽ‰

You will automatically get the latest version, if the app is installed in your Confluence space. The app will only need an update under Manage Apps in Confluence.

Security Bugfix: Prevent SSRF

Versions before 1.0.3 where vulnerable to server-side request forgery (SSRF). Including a urls which are not GitHub URLs where still fetched. This allowed a regular Confluence user to potentially fetch data which they are not permitted to.

Version 1.0.3 only allows GitHub URLs and prevents using any other URLs.

Do you have any questions, suggestions, or problems?

Let us know. We’re glad to help!