Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-25807

Bamboo has slow memory leaks because of AntiSamy package (1.6.8-atlassian-5)

XMLWordPrintable

      Issue Summary

      In Bamboo 9.2.14, customers are experiencing performance issues and high CPU utilisation after running the application for a few days. Further examining the heap dumps we could see that the object org.owasp.validator.html.scan.AntiSamyDOMScanner$CachedItem occupies most of the heap memory. Because of this issue, Bamboo is consuming a lot of memory, and in turn, GC is taking a very long time to complete. 

       

      On further checking, in Bamboo 9.2.14, Bamboo has upgraded dependent plugins streams-aggregator-plugin and streams-core-plugin to 9.1.36. Plugins streams-aggregator-plugin and streams-core-plugin are, in turn, dependent on AntiSamy Library which got upgraded to antisamy-1.6.8-atlassian-5.jar This issue appears to be a product of a bug stemming from the version of the AntiSamy library that is used in Bamboo 9.2.14.

      Same issue is noticed observed in Confluance as well https://jira.atlassian.com/browse/CONFSERVER-95967

      Steps to Reproduce

      1. After using the Bamboo application over a period of time, heap memory will get piled up and causes the performance issues.

      Expected Results

      Heap memory should get cleared and should not get piled up along with usage

      Actual Results

      Heap memory is getting increased over a period of time and causing performance issues.

      Workaround

      Workaround 1

      Restart Bamboo if heap usage rises too high towards Xmx. The frequency with which restarts are required will depend on heap size and the level of activity on your instance.

      Workaround 2

      • Shutdown Bamboo
      • Navigate to <BAMBOO-INSTALL-FOLDER>/atlassian-bamboo/WEB-INF/atlassian-bundled-plugins and move the old version of JAR files streams-spi-9.1.36.jar, streams-api-9.1.36.jar, streams-core-plugin-9.1.36.jar, streams-aggregator-plugin-9.1.36.jar out of Bamboo installation directory and keep it as backup
      • Copy the latest version of JAR files streams-spi-9.1.40.jar streams-core-plugin-9.1.40.jar streams-api-9.1.40.jar streams-aggregator-plugin-9.1.40.jar in the path <BAMBOO-INSTALL-FOLDER>/atlassian-bamboo/WEB-INF/atlassian-bundled-plugins
      • Start the Bamboo

      Workaround 3 for Bamboo 9.2.x

      Enable apps upload to UPM by providing system property -Dupm.plugin.upload.enabled=true at setenv.sh/setenv.bat
      Install attached streams-spi-9.1.40.jar streams-core-plugin-9.1.40.jar streams-api-9.1.40.jar streams-aggregator-plugin-9.1.40.jar at BAMBOO_URL/plugins/servlet/upm
      Remove system property -Dupm.plugin.upload.enabled=true from setenv.sh/setenv.bat
      Restart Bamboo instance

        1. image-2024-06-20-18-06-22-242.png
          image-2024-06-20-18-06-22-242.png
          264 kB
        2. streams-aggregator-plugin-9.1.40.jar
          6.30 MB
        3. streams-api-9.1.40.jar
          146 kB
        4. streams-core-plugin-9.1.40.jar
          4.00 MB
        5. streams-spi-9.1.40.jar
          1.06 MB

            [BAM-25807] Bamboo has slow memory leaks because of AntiSamy package (1.6.8-atlassian-5)

            There are no comments yet on this issue.

              achystoprudov Alexey Chystoprudov
              d4e7ab297885 Venkata Sateesh Pentela
              Affected customers:
              3 This affects my team
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: