Remove the download link for XML site backups

Type atlassian
Reporter dkjellin
Modified 2017-02-17T05:42:48


Currently Confluence allows easy download of XML site backups. This could be considered a security risk. This issue introduces a flag in the Confluence_cfg.xml that allows system administrators to turn this feature on or off. By default it is off meaning that the link will not be displayed. The flag can be changed to true to enable the link again. A restart of Confluence is needed after this flag has changed. The severity of this issue is rated HIGH. Please refer to for other security related issues and information on how we rate issues.