August 12, 2024
We are thrilled to announce that we’ve released a new version of Include GitHub for Confluence on . 🎉
You will automatically get the latest version if the app is installed in your Confluence space.
Security Fix
We've addressed a security vulnerability in the OAuth implementation.
Limitations:
The security fix introduces limitations that affect the OAuth process, specifically under the following conditions:
Chrome
Incognito Mode: Browsers in incognito mode often block third-party cookies, which interferes with the OAuth authentication process.
Safari
Default Settings: Safari’s default setting, "Prevent Cross-Site Tracking," can prevent the necessary cookies from being shared across sites, disrupting the OAuth flow.
Firefox
Default Standard Settings: Firefox's default Standard settings include Enhanced Tracking Protection and Total Cookie Protection. These protections interfere with the OAuth process, which often relies on third-party cookies to manage authentication across different domains.
Other Browser Security Settings: If your browser has additional third-party security restrictions enabled (e.g., blocking third-party cookies), these settings can also impact the OAuth process.
Refer to the FAQ for more details.
Action Required:
Re-authentication: All users will be required to re-authenticate with GitHub when using our app to render content from private GitHub repositories in Confluence.
Access Token Revocation: GitHub access tokens issued before this update have been revoked. Users are asked to configure the tokens again in the app configuration under the Confluence Admin settings.
Recommendations:
Review your account activity for any suspicious behavior and report it to our support team.
Do you have any questions, suggestions, or problems?
Let us know. We’re glad to help!