This release closes the vulnerability of Scroll Viewport for Confluence Cloud to CVE-2021-44228 'log4shell', as reported on VPC-216.

Scroll Viewport is no longer vulnerable to this attack.

Scroll Viewport for Confluence Cloud was affected by CVE-2021-44228 before December 10th, 2021.
The severity level of this issue was critical, because it could have been used to remotely execute code (RCE) using the permissions of the application.

No actions are required from customers as updates have automatically been applied to our Cloud apps.

Detailed description of the vulnerability

The usage of the vulnerable log4j 2 dependency may have allowed a malicious actor to use crafted requests to inject their own code into the process of the Scroll Viewport for Confluence Cloud app.

We've rated this bug with a CVSS score of 9.8 (Critical) (see also Common Vulnerability Scoring System Version 3.0 Calculator) and updated our Cloud app on Friday, 10th of December 2021, 12 pm CET.

VPC-216 has been added to our list of Security Advisories

Other improvements: More accessible keyboard navigation

The release also improves the keyboard navigation for the page tree on article pages.

Your visitors can now skip the navigation and set the focus right into the content of the article. This makes the help center overall a little more accessible on desktop devices.