Following yesterdays Atlassian security advisory for Confluence, it looks like there are some added steps required for people who have user macros. Be careful folks.
@BergerofLondon spotted this first:
Following upgrade to Confluence 5.5.1 the values of parameters in user macros cannot be evaluated the same way. Discovered this the hard way
— Berger (@BergerofLondon) May 22, 2014
You can't use the same shorthand you use for standard variables. #if ($paramistrue) will always evaluate as true.
— Berger (@BergerofLondon) May 22, 2014
You now have to use things like #if ($paramistrue == true) or #if ($paramistrue == false).
— Berger (@BergerofLondon) May 22, 2014
@baitman For strings I can no longer do #if ($paramfoo), I have to do #if ($paramfoo).length() > 0. Which is crazy.
— Berger (@BergerofLondon) May 22, 2014
@baitman Also, if you're upgrading to 5.5.1 to fix the security vulnerability double-check that it's upgraded xwork to 1.17. Ours wasn't.
— Berger (@BergerofLondon) May 22, 2014
The update to atlassian-xwork-core-1.17.jar means you have to be more specific with your coding. Thanks to @BergerofLondon for the heads up.