We are thrilled to announce that we’ve released a new version of Include GitHub for Confluence on . 🎉
You will automatically get the latest version, if the app is installed in your Confluence space.
Security Fix
-
We've addressed a security vulnerability in the OAuth implementation.
-
Limitations:
-
The security fix introduces limitations that affect the OAuth process, specifically under the following conditions:
-
Chrome
-
Incognito Mode: Browsers in incognito mode often block third-party cookies, which interferes with the OAuth authentication process.
-
-
Safari
-
Default Settings: Safari’s default setting, "Prevent Cross-Site Tracking," can prevent the necessary cookies from being shared across sites, disrupting the OAuth flow.
-
-
Firefox
-
Default Standard Settings: that includes Enhanced Tracking Protection and Total Cookie Protection. These protections interfere with the OAuth process, as it often relies on third-party cookies to manage authentication across different domains.
-
-
Other Browser Security Settings: If your browser has additional third-party security restrictions enabled (e.g., blocking third-party cookies), these settings can also impact the OAuth process.
-
-
Refer to the FAQ for more details.
-
-
Action Required:
-
Re-authentication: All users will be required to re-authenticate with GitHub when using our app to render content from private GitHub repositories in Confluence.
-
Access Token Revocation: GitHub access tokens issued before this update have been revoked. Users are asked to configure the tokens again in the app configuration under the Confluence Admin settings.
-
-
Recommendations:
-
Review your account activity for any suspicious behavior and report it to our support team.
-
-
Do you have any questions, suggestions, or problems?
Let us know. We’re glad to help!