Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-34552

Copy page creating draft and attachment folder taking storage space

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Medium Medium
    • None
    • 4.2.13, 5.5.4
    • None

      Steps to reproduce:

      1. Enable "Anonymous can user" permission in Global permissions
      2. Go to Demonstration Space
      3. Create a new page and attach some attachment to the new page
      4. Log out Confluence and use Confluence as Anonymous user.
      5. Go to the newly created page, click on Tools>>>Copy
      6. Noticed that a nonspaced will created

        (the page was created 6pm yesterday, and i tried to copy the page once, and it create a folder with 900kb folder, and I try to copy again today, it increased the folder to 1.9mb)
      7. Followed this kb to remove the draft from database
      8. But the folder still remaining inside the server and taking storage space

      Tested on Windows 7, Java 1.7.0_51-b13 64 bits, Mysql 5.5

        1. database.PNG
          database.PNG
          7 kB
        2. folder.PNG
          folder.PNG
          98 kB

            [CONFSERVER-34552] Copy page creating draft and attachment folder taking storage space

            Minh Tran added a comment -

            Dear all,

            I believe our latest Confluence 5.9.10 fixed this problem. Please upgrade your Confluence to have the fix

            Best regards,
            Minh Tran
            Confluence BugMaster
            Atlassian

            Minh Tran added a comment - Dear all, I believe our latest Confluence 5.9.10 fixed this problem. Please upgrade your Confluence to have the fix Best regards, Minh Tran Confluence BugMaster Atlassian

            This issue may be used by an attacker for denial of service; when the disk is filled with obsolete draft attachments the Confluence server stops working.

            Proposal: A user with only anonymous read rights should not be allow to create a draft page at all!

            Stephan Amann added a comment - This issue may be used by an attacker for denial of service; when the disk is filled with obsolete draft attachments the Confluence server stops working. Proposal: A user with only anonymous read rights should not be allow to create a draft page at all!

              Unassigned Unassigned
              wwong Wayne Wong
              Affected customers:
              2 This affects my team
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: