Forbidden method invocation blocked by FreeMarker allowlist

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • 1

      Issue Summary

      Forbidden methods blocked by FreeMarker allowlist:

      2026-02-09 06:47:40,813 WARN [http-nio-8085-exec-3 url: /build/admin/create/createPlanRepository.action; user: XXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.ww2.FreemarkerContext.hasProjectPermission(java.lang.String,java.lang.String)
2026-02-09 08:25:13,575 WARN [http-nio-8085-exec-38 url: /ajax/confirmDeleteArtifactDefinition.action; user: XXXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.google.common.collect.ImmutableMultimap.size()
2026-02-09 09:38:05,329 WARN [http-nio-8085-exec-50 url: /browse/PLAN1-JOB1/test, /chain/viewTestsSummary.action; user: XXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.build.tests.FailingTestCaseForDisplay.getFailuresCount()
2026-02-09 11:04:42,737 WARN [http-nio-8085-exec-9 url: /browse/PLAN1-JOB1, /chain/viewChain.action; user: XXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.logger.DecoratedErrorDetailsImpl.getParentPlanKey()


      2026-02-17 13:51:12,620 WARN [18-NotificationDispatcher-:pool-19-thread-4921] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.notification.chain.AfterXFailedNotification.getCommitUrl(com.atlassian.bamboo.repository.RepositoryDataEntity,java.lang.String)

      Steps to Reproduce

      N/A

      Expected Results

      Methods should be allowed

      Actual Results

      The below exception is thrown in the atlassian-bamboo.log file:

      2026-02-09 06:47:40,813 WARN [http-nio-8085-exec-3 url: /build/admin/create/createPlanRepository.action; user: XXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.ww2.FreemarkerContext.hasProjectPermission(java.lang.String,java.lang.String)
2026-02-09 08:25:13,575 WARN [http-nio-8085-exec-38 url: /ajax/confirmDeleteArtifactDefinition.action; user: XXXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.google.common.collect.ImmutableMultimap.size()
2026-02-09 09:38:05,329 WARN [http-nio-8085-exec-50 url: /browse/PLAN1-JOB1/test, /chain/viewTestsSummary.action; user: XXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.build.tests.FailingTestCaseForDisplay.getFailuresCount()
2026-02-09 11:04:42,737 WARN [http-nio-8085-exec-9 url: /browse/PLAN1-JOB1, /chain/viewChain.action; user: XXXX] [BambooFreemarkerAllowlistBeansWrapper] [IT - ALLOWLIST][WRAPPER] Forbidden method invocation: com.atlassian.bamboo.logger.DecoratedErrorDetailsImpl.getParentPlanKey()

      Workaround

      1. Take a backup of <BAMBOO_INSATLL_DIR>/atlassian-bamboo/WEB-INF/classes/freemarker-allowlist.properties
      2. Add the below method to the end of the file like below:

      ,\
 com.atlassian.bamboo.ww2.FreemarkerContext.hasProjectPermission,\
com.google.common.collect.ImmutableMultimap.size(),\
com.atlassian.bamboo.build.tests.FailingTestCaseForDisplay.getFailuresCount(),\
com.atlassian.bamboo.logger.DecoratedErrorDetailsImpl.getParentPlanKey()

      3. Restart the Bamboo

              Assignee:
              Alexey Chystoprudov
              Reporter:
              Jyothi Charupalli
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: