Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-33738

Patch for Security advisory 2014-05-21 doesn't work in Confluence 3.5.X

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 3.5.13, 3.5.16
    • Fix Version/s: None
    • Component/s: None

      Description

      Steps to reproduce:

      1. Confluence 3.5.13
      2. Installed, booted up
      3. Postregres DB
      4. Shutdown, applied patch following advisory
      5. admin panel not accessible
      6. content appears to be missing
      7. see errors in the logs:
        2014-05-22 16:28:50,308 ERROR [http-8080-1] [[Standalone].[localhost].[/].[action]] log Servlet.service() for servlet action threw exception
         -- referer: http://localhost:8080/dashboard.action | url: /display/ds/Example+Human+Resources+Page | userName: admin
        java.lang.AbstractMethodError: com.atlassian.xwork10.Xwork10VersionSupport.extractMethod(Lcom/opensymphony/xwork/ActionInvocation;)Ljava/lang/reflect/Method;
        	at com.atlassian.xwork.interceptors.XsrfTokenInterceptor.intercept(XsrfTokenInterceptor.java:78)
        	at com.atlassian.confluence.xwork.ConfluenceXsrfTokenInterceptor.intercept(ConfluenceXsrfTokenInterceptor.java:25)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.security.interceptors.CaptchaInterceptor.intercept(CaptchaInterceptor.java:46)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.util.LoggingContextInterceptor.intercept(LoggingContextInterceptor.java:49)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.core.CancellingInterceptor.intercept(CancellingInterceptor.java:23)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.security.websudo.WebSudoInterceptor.intercept(WebSudoInterceptor.java:58)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.security.actions.PermissionCheckInterceptor.intercept(PermissionCheckInterceptor.java:57)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.setup.webwork.BootstrapAwareInterceptor.intercept(BootstrapAwareInterceptor.java:26)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.user.actions.UserAwareInterceptor.intercept(UserAwareInterceptor.java:58)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.pages.actions.CommentAwareInterceptor.intercept(CommentAwareInterceptor.java:43)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.pages.actions.PageAwareInterceptor.intercept(PageAwareInterceptor.java:106)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.spaces.actions.SpaceAwareInterceptor.intercept(SpaceAwareInterceptor.java:68)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
        	at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
        	at com.atlassian.confluence.core.actions.LastModifiedInterceptor.intercept(LastModifiedI
        

      Workaround

      Use the old xwork until Atlassian fixes the problem.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              shaffenden Steve Haffenden (Inactive)
              Reporter:
              wzanchet William Zanchet (Inactive)
              Votes:
              6 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: