Security fix for CVE issue with dependency.
Today we released version 7.4.1 of the projectdoc Toolbox!
The projectdoc Toolbox is an add-on for Confluence supporting agile software development teams to collaborate on process, project, system, and product documentation.
If you want to learn more about the projectdoc Toolbox and how it helps to create good project documentation, please refer to the introduction video!
The following image is a link to a video on YouTube. When you click the link your browser will serve a page from youtube.com.
Very interesting, but way too fast?
Step through at your own pace with with our Prezi Presentation (external link to prezi.com )!
In the Online Manual you’ll find additional video material that introduces you in the concepts of the projectdoc Toolbox.
Refer to use cases and show cases for information on how to use the projectdoc Toolbox.
List of Changes
The following changes are part of version 7.4.1 of the projectdoc Toolbox for Confluence.
| Key | Summary | T | P | Description |
|---|---|---|---|---|
| PDAC-1859 | CVE-2025-48924 affects pkg:maven/org.apache.commons/commons-lang3@3.17.0 |
|
|
The projectdoc Toobox for Confluence app uses the platform dependency to commons-lang in a version that has been reported vulnerable to CVE-2025-48924. For detailed information, please refer to https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1. The vulnerability is reported to be fixed in 3.18.0 and above. |
| PDAC-1860 | Dark Theme Support for Swagger UI |
|
|
Make the Swagger UI integration respond to the Confluence Dark Theme feature. |
Related Releases
This version does not require updates of of the Web API Extension or the Information Systems Extension, but it does require the update of the Doctype Add-ons to the versions shown below.
Extension Add-ons
Web API Extension
The following changes are part of the latest Web API Extension.
| Key | Summary | T | P | Status | Resolution | Description |
|---|---|---|---|---|---|---|
| PDEXWAPI-90 | Dark Theme Support for Swagger UI |
|
|
Done | Fixed |
Make the Swagger UI integration respond to the Confluence Dark Theme feature. |
| PDEXWAPI-89 | CVE-2025-48924 affects pkg:maven/org.apache.commons/commons-lang3@3.17.0 |
|
|
Done | Fixed |
The Web API Extension uses the platform dependency to commons-lang in a version that has been reported vulnerable to CVE-2025-48924. For detailed information, please refer to https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1. The vulnerability is reported to be fixed in 3.18.0 and above. |
Information Systems Extension
The following changes are part of the latest Information Systems Extension.
| Key | Summary | T | P | Status | Resolution | Description |
|---|---|---|---|---|---|---|
| PDEXINFOSY-56 | Update to Confluence Latest Releases |
|
|
Done | Fixed |
Update dependencies to the latest Confluence 9.2.6 and support for Confluence 9.5.2. Update Swagger dependencies to the latest versions. Update AMPS and dependency checks to latest version. |
| PDEXINFOSY-57 | CVE-2025-48924 affects pkg:maven/org.apache.commons/commons-lang3@3.17.0 |
|
|
Done | Fixed |
The Information Systems Extension uses the platform dependency to commons-lang in a version that has been reported vulnerable to CVE-2025-48924. For detailed information, please refer to https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1. The vulnerability is reported to be fixed in 3.18.0 and above. |