Atlassian currently seems to refuse to disclose the Confluence sources (even in a private ticket, see [1]), at least since October due to the advisory CVE-2023-22515. Just to illustrate our difficulties are vendors, programming with Confluence currently looks like this:
I understand that we need to stand with Atlassian against CVE-2023-22515, but there should be a possible solution with some creativity:
Give access to the source of com.atlassian.confluence:confluence-java-api,
Give access to the Javadocs of com.atlassian.confluence:confluence-java-api,
Or maybe, someone at Atlassian could manually copy-paste the javadocs of classes and carefully filter those that are not involved in the CVE-2023-22515 vulnerability,
All of them in the 3 long-term-support versions (7.19.0 LTE, 8.5.0 LTE and 8.7.1 latest).
Can some well-meaning person at Atlassian work on helping the ecosystem accessing the APIs that are required to keep supporting plugins? If Atlassian does not do this, then vendors will have major difficulties guessing the documentation of Atlassian APIs, and major difficulties supporting the plugins.
Thank you very much!
[1] Support case CA-2645365, if necessary, although it is better to find a public solution.
Second this. Not having ready access to the Confluence Source has also made it uniquely difficult to prepare for the upcoming Confluence 9 changes.
As it stands right now, does anyone know what the correct avenue is to access the source if we need to? I’m admittedly a little out of the loop here. If we need to raise a support ticket, which portal is the portal we should be using?
At this time, the right path is to contact our customer support about “Pricing, billing & licensing”. I can appreciate the appeals for a public solution and that request has been routed to the Marketplace Partnerships.
