[CONFSERVER-60864] Html Macros should respect authenticated user based on allowlist API

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.12.1, 7.13.0
Affects Version/s: 7.10.0
Component/s: Data Center - Core, Security
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Gadgets have moved to use whitelist.isAllowed(URI, Userkey) to give more controls to admins to whether allow anonymous users or not.

More details on the whitelist API changes can be found here:
https://asecurityteam.atlassian.net/browse/VULN-217900

We had to enable the old behaviour of whitelist.isAllowed(URI) temporarily as part of:
BSP-2173 Update isAllowed method to use old behaviour
Failing tests with new API:

Failed	HtmlIncludeFuncTest testWhitelistAllowUsingExactMatch History	Failing since build #1 (First build for this plan)	8 secs
Failed	HtmlIncludeFuncTest testWhitelistAllowUsingRegex History	Failing since build #1 (First build for this plan)	8 secs
Failed	HtmlIncludeFuncTest testWhitelistAllowUsingWildcard History	Failing since build #1 (First build for this plan)	8 secs
Failed	RssMacroWhitelistTestCase testWhitelistAllowUsingExactMatch History	Failing since build #1 (First build for this plan)	9 secs
Failed	RssMacroWhitelistTestCase testWhitelistAllowUsingRegex History	Failing since build #1 (First build for this plan)	9 secs
Failed	RssMacroWhitelistTestCase testWhitelistAllowUsingWildcard

Logs attached!

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

confluence.log
1.57 MB
12/Jan/2021 11:52 PM

links to

Original (master branch) ticket on AsecJ > VULN

mentioned in: Page Failed to load; Page Failed to load

relates to: VULN-253132 Failed to load

Jiri Hronik added a comment - 18/May/2021 7:10 AM

A fix for this issue is available to Server and Data Center customers in Confluence 7.12.1
Upgrade now or check out the Release Notes to see what other issues are resolved.

Jiri Hronik added a comment - 18/May/2021 7:10 AM A fix for this issue is available to Server and Data Center customers in Confluence 7.12.1 Upgrade now or check out the Release Notes to see what other issues are resolved.

Richard Lau added a comment - 11/Mar/2021 12:53 AM

Currently awaiting merge on 7.12, already added into 7.14.0 snapshot.

Richard Lau added a comment - 11/Mar/2021 12:53 AM Currently awaiting merge on 7.12, already added into 7.14.0 snapshot.

Adilson Carvalho (Inactive) added a comment - 21/Jan/2021 10:43 PM

When I try to reach VULN-253132 it redirects me to VULN-217900.

Adilson Carvalho (Inactive) added a comment - 21/Jan/2021 10:43 PM When I try to reach VULN-253132 it redirects me to VULN-217900 .

Adilson Carvalho (Inactive) added a comment - 18/Jan/2021 12:31 AM - edited

This is the related VULN ticket: VULN-253132

Adilson Carvalho (Inactive) added a comment - 18/Jan/2021 12:31 AM - edited This is the related VULN ticket: VULN-253132

Assignee:: Richard Lau

Reporter:: Ganesh Gautam

Affected customers:: 0 This affects my team

Watchers:: 5 Start watching this issue

Created:: 12/Jan/2021 11:53 PM

Updated:: 30/Aug/2023 6:41 AM

Resolved:: 13/May/2021 4:27 AM

Confluence Data Center

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Jiri Hronik added a comment - 18/May/2021 7:10 AM

Expand comment: Jiri Hronik added a comment - 18/May/2021 7:10 AM

Collapse comment: Richard Lau added a comment - 11/Mar/2021 12:53 AM

Expand comment: Richard Lau added a comment - 11/Mar/2021 12:53 AM

Collapse comment: Adilson Carvalho (Inactive) added a comment - 21/Jan/2021 10:43 PM

Expand comment: Adilson Carvalho (Inactive) added a comment - 21/Jan/2021 10:43 PM

Collapse comment: Adilson Carvalho (Inactive) added a comment - 18/Jan/2021 12:31 AM, Edited by Adilson Carvalho - 18/Jan/2021 12:31 AM

Expand comment: Adilson Carvalho (Inactive) added a comment - 18/Jan/2021 12:31 AM, Edited by Adilson Carvalho - 18/Jan/2021 12:31 AM

People

Dates