Issue Summary

A recent update to the Universal Plugin Manager (UPM) in version 6.1.16 has resulted in some third-party plugins not being listed correctly. This change involved a shift to using the platform-provided jQuery library rather than a UPM-specific version, aimed at improving security by consolidating dependency management.

Background

In aligning UPM with standard security practices, the internal jQuery availability was removed, impacting third-party plugins that relied on this undocumented feature.

The change was essential for addressing vulnerabilities but was introduced in a patch release, leading to unintended compatibility issues for some plugins that leveraged this now-absent resource.

Challenges and Approach

We are currently evaluating multiple avenues to address the issue effectively while ensuring minimal disruption to end users and maintaining established security standards.

Steps to Reproduce

1. Install Confluence 8.5.23 (which is bundled with UPM 6.1.16)
2. Install one of the below plugins that we can pinpoint so far
   • Smart Courses for Confluence v9.1.0 (latest compatible version 9.2.0 does not have this issue)
   • Bob Swift Atlassian Apps - Cache v7.9.3
   • Glossary for Confluence v5.2.10 (latest compatible version 5.3.15 does not have this issue)
   • SQL for Confluence v11.1.1
   • Automated User Management & Auto-deactivation for Confluence  v1.1.2
   • Discussion for Confluence v2.8.3
   • Ideation for Confluence v6.4.0
3. Refresh the UPM page (ensure that browser caches are not involved)

Expected Results

UPM should list the installed plugins without issue.

Actual Results

The below exception is thrown in the browser Developer's Console:

Failed to run init function: undefined is not an object (evaluating '$.extend") (3)
[...]
  TypeError: undefined is not an object (evaluating '$.extend")        batch.js:3223

Workaround

Customers encountering issues can temporarily resolve them by reverting to the previous version of UPM with the following steps:

1. Download the com.atlassian.upm.atlassian-universal-plugin-manager-plugin-6.1.15.jar
2. Stop Confluence and remove the 6.1.16 version of the UPM JAR, or move it out of the Confluence installation directory:

   <confluence_install_dir>/confluence/WEB-INF/atlassian-bundled-plugins/com.atlassian.upm.atlassian-universal-plugin-manager-plugin-6.1.16.jar
   

1. Copy the older 6.1.15 UPM JAR into the same location and ensure the ownership and permissions match other files in that directory.
2. Clear plugin caches to ensure no 6.1.16 artifact exists for Confluence to load.
3. Start Confluence.