Confluence instances that were upgraded to Confluence 2.9 are affected by a vulnerability. Child pages under a page protected by permissions are not protected by inherited permissions, as they should be. Please note that new installs of Confluence 2.9 which were not an upgrade from an old version are not affected.
Carry out the steps below to rectify the situation.
To Restore Inherited Page Permissions After Upgrading to Confluence 2.9,
- Log into Confluence as 'Administrator'.
- Access this specific page in Confluence:
- On that page, a single button is visible, entitled 'Rebuild Ancestor Table'. Click that button. It will report its success.
- Now, go to the 'Confluence Admin' page. Here, click 'Cache Statistics' from the left navigation bar. A long list appears.
- Find 'Inherited Content Permissions' in the list. Now, click the 'Flush' button to the right of 'Inherited Content Permissions'.
- Inherited permissions will now be applied.
Read more about this vulnerability in the Security Advisory.