Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.7.3
-
None
-
maybe a Java 6 specific issue. I'm not 100% certain.
Description
The ConfluenceCachingCaptchaStore class has no explicit cache configuration in the confluence-coherence-cache-config-clustered.xml meaning that it will by default use a replicated cache.
It seems that our current version of jcaptcha has a bug which can mean deserialization fails in certain circumstances and by using a distributed cache we can fall victim to this defect. See http://forge.octo.com/jcaptcha/jira/browse/FWK-80
We can avoid this problem by not using a distributed cache, but also there is probably no need to be caching captcha's across all nodes in the cluster. With session affinity the captcha doesn't need to be cached beyond the node it was generated on.
We should probably just add something like -
<cache-mapping>
<cache-name>com.atlassian.confluence.cache.jcaptcha.ConfluenceCachingCaptchaStore</cache-name>
<scheme-name>local:default</scheme-name>
</cache-mapping>
This is raised from the support case https://support.atlassian.com/browse/CSP-20815
