-
Bug
-
Resolution: Fixed
-
Low
-
6.13.4, 6.6.16, 8.5.11, 7.19.24
-
8
-
Severity 1 - Critical
-
7
-
Issue Summary
Confluence provides one with the ability of checking who are the administrators of a given Space by going to Space Tools -> Overview and checking the names right next to the line that says Administrators. If this given Space has too many Administrators, the list may be collapsed and an ellipsis button may appear at the end of the line for one to expand and see the full list. Confluence can hit 100% of CPU usage and may go down depending on the size of the full list.
Steps to Reproduce
This can be easily reproduced by adding a group with multiple users as Space Admin. It is unknown how many users would be necessary to trigger this behaviour, however, it has been observed that an instance with 14.000 users within a group ran into this problem when this group was added as Space Admin.
- Ensure that you have a group with a few thousand users at least on it.
- As an administrator, click on the Cog Icon in your right upper corner and then click on General Configuration.
- Look for Space Permissions.
- Select a space and click on Manage Permissions.
- A list of groups and users will appear. Click on Edit Permissions nearby the group list.
- Look for the group with multiple users and check the Admin checkbox under the Space column.
- Save the changes.
- Now, go to that Space, click on Space Tools and then click on Overview.
- Click on the Ellipsis button right next to the Administrators line.
- At this point, CPU usage will increase and the application may get stuck forever running the following endpoint:
/spaces/viewspacesummary.action?key=SPAC&showAllAdmins=true
Expected Results
Instead of crashing, the application should either display a list of Administrator or a message saying that the list is too long to be rendered.
Actual Results
CPU goes wild, the list is never rendered and the application most than likely needs to be restarted to get functional once again.
Notes
Ideally, the application should avoid rendering huge lists or there should have been a pagination mechanism to avoid this problem from happening.
Workaround
Avoid using groups as Space Administrators unless these groups have a small list of users within them.
Extra - Technical Notes - AKA What Happens in the Backend
First, Confluence will grab a list of everyone that has Administrator Permissions for that space - This include user IDs and group IDs:
select permission0_.SPACEID as SPACEID2_52_0_, permission0_.PERMID as PERMID1_52_0_, permission0_.PERMID as PERMID1_52_1_, permission0_.SPACEID as SPACEID2_52_1_, permission0_.PERMTYPE as PERMTYPE3_52_1_, permission0_.PERMGROUPNAME as PERMGROU4_52_1_, permission0_.PERMUSERNAME as PERMUSER5_52_1_, permission0_.PERMALLUSERSSUBJECT as PERMALLU6_52_1_, permission0_.CREATOR as CREATOR7_52_1_, permission0_.CREATIONDATE as CREATION8_52_1_, permission0_.LASTMODIFIER as LASTMODI9_52_1_, permission0_.LASTMODDATE as LASTMOD10_52_1_ from SPACEPERMISSIONS permission0_ where permission0_.SPACEID='SPACE_ID_HERE';
Once that's done, the user IDs and group IDs will be used to create a list with actual names so one knows who the administrators really are:
select internalus1_.user_name as col_0_0_ from cwd_membership hibernatem0_ cross join cwd_user internalus1_ cross join cwd_group internalgr2_ where hibernatem0_.child_user_id=internalus1_.id and hibernatem0_.parent_id=internalgr2_.id and (hibernatem0_.child_group_id is null) and internalgr2_.lower_group_name='GROUPS_AND_USERS_FROM_STEP_1' and internalgr2_.directory_id='DIRECTORY_ID_FROM_STEP_1' order by internalus1_.lower_user_name;
With the results of the second query, the list is rendered. However, if the second query returns multiple results, such as thousands of users, Confluence will attempt to render a list with all of these names, which crashes the application.
A fix for this issue is available in Confluence Server and Data Center 9.2.0. Upgrade now or check out the Release Notes to see what other issues are resolved.