Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-25189

Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      When Confluence ancestor CONFANCESTORS table gets out of sync or corrupted. Page View restriction are not inherited to the child pages. This might be quite random, as in not every child pages are affected. IMHO, we should have CONF-25188 implemented to help this out.

      Workaround

      Please follow the resolution in this KB:

      Resolution

      We've made some changes in 6.5.0 to detect if there is no parent ancestor record for a page. This change will block users from viewing pages with a missing parent ancestor record, and will log a warning for administrators.
      The steps to resolve this issue is still to rebuild the ancestors table as described in this KB https://confluence.atlassian.com/x/8qr-Nw

          Form Name

            [CONFSERVER-25189] Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync

            Thanks Minh!

            Petro Semeniuk added a comment - Thanks Minh!

            Minh Tran added a comment -

            A fix for this issue is now available for Confluence Server customers.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Minh Tran added a comment - A fix for this issue is now available for Confluence Server customers. Upgrade now or check out the Release Notes to see what other issues are resolved.

            Joshua DeClerck added a comment - - edited

            We ran into this issue just recently. While it seemed random at first, in this particular case, it only affected pages that couldn't have pretty URLs because of special characters in the title. If a page's URL had to use the page ID, it wouldn't inherit restrictions from its parent. Likewise, it wouldn't pass them on to its children, either.

            The fix from the 2008 advisory still works, and will probably be added to our regular checklist of activities after any upgrade or migration just-in-case.

            It should be noted that this is still affecting Confluence at version 5.9.3.

            ==Edit==

            The page ID thing seems to have been wrong. I was eventually able to find some examples of broken child pages where all ancestors had pretty URLs, so that idea's right out the window.

            Joshua DeClerck added a comment - - edited We ran into this issue just recently. While it seemed random at first, in this particular case, it only affected pages that couldn't have pretty URLs because of special characters in the title. If a page's URL had to use the page ID, it wouldn't inherit restrictions from its parent. Likewise, it wouldn't pass them on to its children, either. The fix from the 2008 advisory still works, and will probably be added to our regular checklist of activities after any upgrade or migration just-in-case. It should be noted that this is still affecting Confluence at version 5.9.3. ==Edit== The page ID thing seems to have been wrong. I was eventually able to find some examples of broken child pages where all ancestors had pretty URLs, so that idea's right out the window.

            I'm going to +1 this as well. We have some very sensitive information that mistakenly gets shared due to this permissions issue.

            Deleted Account (Inactive) added a comment - I'm going to +1 this as well. We have some very sensitive information that mistakenly gets shared due to this permissions issue.

            Adam Toth added a comment -

            Pls fix this, it could lead to info leaking in case Confluence is shared among different group of people...

            Adam Toth added a comment - Pls fix this, it could lead to info leaking in case Confluence is shared among different group of people...

              zgilovitz Ze'ev (Inactive)
              halatas HuseinA
              Affected customers:
              18 This affects my team
              Watchers:
              27 Start watching this issue

                Created:
                Updated:
                Resolved: