This advisory discloses security vulnerabilities found and fixed in multiple Comalatech Add-ons. We recommend upgrading Comala Add-ons to the latest supported version for your release of Confluence/JIRA.

Affected Add-on	Vulnerable Versions	Fixed Version
Comalat Comala Publishing	up to and including 2.4.2	2.4.3
Canvas for JIRA Server	up to and including 1.4.1	1.4.2
Canvas for Confluence Server	up to and including 1.7.4	1.7.5
Comala Workflows Document Management - Remote Publishing	up to and including 2.5	2.5.1

XSS Vulnerabilities

Severity

...

Canvas for Confluence Server 1.7.5

XSRF Vulnerabilities

Severity

...

Versions Compared

Old Version 1

New Version Current

Key

XSS Vulnerabilities

Severity

XSRF Vulnerabilities

Severity

Page Comparison

Versions Compared

Old Version 1

New Version Current

Key

XSS Vulnerabilities

Severity

XSRF Vulnerabilities

Severity