-
Bug
-
Resolution: Fixed
-
High
-
5.6.3, 5.8, 5.7.5, 5.9.1-m1
-
None
-
4
-
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
We had a situation where a user commented on a jira issue with a text 25MB comment. This was sent as a workbox notification to Confluence, which promptly died trying to sanitise the string:
2015-07-24 00:35:17,952 ERROR [catalina-exec-33] [common.error.jersey.ThrowableExceptionMapper] toResponse Uncaught exception thrown by REST service: Java heap space
-- url: /rest/mywork/1/notification | userName: <REDACTED>
java.lang.OutOfMemoryError: Java heap space
at org.apache.xerces.dom.CharacterDataImpl.appendData(Unknown Source)
at org.cyberneko.html.parsers.DOMFragmentParser.characters(DOMFragmentParser.java:465)
at org.cyberneko.html.HTMLTagBalancer.characters(HTMLTagBalancer.java:798)
at com.atlassian.xhtml.parsing.BlockIsolatingTagBalancer.characters(BlockIsolatingTagBalancer.java:171)
at org.cyberneko.html.filters.DefaultFilter.characters(DefaultFilter.java:156)
at org.cyberneko.html.HTMLScanner$ContentScanner.scanCharacters(HTMLScanner.java:2059)
at org.cyberneko.html.HTMLScanner$ContentScanner.scan(HTMLScanner.java:1910)
at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:877)
at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:495)
at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:448)
at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166)
at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:172)
at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:113)
at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:92)
at com.atlassian.mywork.host.service.HTMLServiceImpl.clean(HTMLServiceImpl.java:28)
at com.atlassian.mywork.host.service.LocalNotificationServiceImpl.createOrUpdate(LocalNotificationServiceImpl.java:164)
We should have some sort of safeguard that limits the size of notifications
- relates to
-
-
- Closed
-
-
-
- Closed
-
- included in
-
![[JIRA]](/images/icons/generic_link_16.png "[JIRA]")
CPU-64
Confluence 5.9.1-OD-2015.47.1-0002
-
CPU-282
Confluence 6.0.0-OD-2016.06.1-0007
-
CPU-283
Confluence 6.0.0-OD-2016.06.1-0008
-
CPU-287
Confluence 6.0.0-OD-2016.06.1-0009
- links to
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
[CONFSERVER-38615] Very large notifications can cause OOMEs
| Workflow | Original: JAC Bug Workflow v3 [ 2896631 ] | New: CONFSERVER Bug Workflow v4 [ 2989533 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2788020 ] | New: JAC Bug Workflow v3 [ 2896631 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2736009 ] | New: JAC Bug Workflow v2 [ 2788020 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2390635 ] | New: JAC Bug Workflow [ 2736009 ] |
| Labels | Original: affects-cloud affects-server bugfix loyalty notifications workbox | New: affects-cloud affects-server loyalty notifications workbox |
| Labels | Original: affects-cloud affects-server bugfix notifications workbox | New: affects-cloud affects-server bugfix loyalty notifications workbox |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2269903 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2390635 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220418 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2269903 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2159543 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220418 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1953309 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2159543 ] |