Confluence administrators (who are not necessarily sys admins) can configure whitelist

2008-10-27T05:18:10
ID ATLASSIAN:CONFSERVER-13531
Type atlassian
Reporter smaddox
Modified 2017-02-17T05:15:02

Description

A user who has the "Confluence Administrator" permission, but not necessarily the "System Administrator" permission, can configure the new URL whitelist (for the HTML-include and RSS macros). Is this good enough, from a security point of view?