Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-39672

Current bundled Java version in Confluence 5.8.x should be replaced

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Closed (View Workflow)
    • Resolution: Tracked Elsewhere
    • Fix Version/s: 5.8.16
    • Component/s: None
    • Labels:
      None
    • Feedback Policy:
      We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Problem Definition

      The current bundled Java version has a bug that will always fail to make a connection when trying to use Secure LDAP, JDK-8135194.

      Specifically, the way Socket.createSocket() is used results in an SSLSocket without the hostname set in it. This results in use of an IP address to make the connection and since this is no longer allowed the connection fails. We have reported this problem to Oracle and also forwarded the information to the Java security dev list: http://mail.openjdk.java.net/pipermail/security-dev/2015-September/012845.html .

      Because of this existing LDAPS connections are broken and users from that user directory are unable to login including non-local administrators.

      This will affect any customer using secure LDAP that upgrades the JVM. Secure LDAP is very common to protect passwords on the internal network, particularly in enterprise environments. This is exacerbated by Confluence 5.8.8 which ships with Java 1.8.0u51.

      Suggested Resolution

      Bundle Java 8u65 with Confluence installer versions.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sbrannen@atlassian.com Branno
              Reporter:
              sbrannen@atlassian.com Branno
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: