UPM app signature check cannot be disabled

XMLWordPrintable

    • Severity 2 - Major
    • 1

      Issue Summary

      Confluence 10.0.1 introduced new app signing requirements as a security precaution. As part of this improvement, a system property that disables the signing requirement was introduced for environments that do not require additional security, or for testing and development environments. It was identified that in some circumstances this property is not correctly applied, blocking the installation of unsigned apps improperly.

      The issue is present in the UPM 8.0.2 plugin present in Confluence 10.0.1.

      Steps to Reproduce

      1. Configure Confluence with the atlassian.upm.signature.check.disabled=true system property
      2. Start Confluence
      3. Attempt to install an unsigned plugin

      Expected Results

      With the system property disabling the signing requirement disabled, unsigned apps should be able to be installed.

      Actual Results

      Even with the system property set, Confluence blocks the installation of unsigned apps.

      Workaround

      It is possible to upgrade the UPM plugin to 8.0.3 or newer.

      Atlassian recommends upgrading to Confluence 10.0.2 upon release rather than implementing the workaround.

            Assignee:
            Kusal Kithul-Godage
            Reporter:
            Kusal Kithul-Godage
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: