-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.4.5, 7.4.6, 7.4.9, 7.12.1, 7.19.4, 8.1.1, 9.2.0
-
None
-
17
-
Severity 3 - Minor
-
15
-
Issue Summary
Plugin Data Storage does not display data
Steps to Reproduce
- Install and set-up Confluence 7.4.5 or newer
- Access Plugin Data Storage page via /plugins/servlet/active-objects/tables/list
Expected Results
Actual Results
All plugins name as unknown, table column as '$i.table' and rows as '$i.rows'
Workaround
Perform these steps to restore the functionality in Confluence:
Up to Confluence 8.9:
- Edit <confluence-install-dir>/confluence/WEB-INF/classes/velocity.properties
- Replace the full line containing com.atlassian.activeobjects from the introspector.restrict.packages section with:
introspector.allow.classes = \ com.atlassian.activeobjects.admin.tables.TablesController$TableInformation, \ com.atlassian.activeobjects.backup.PluginInformationFactory$AvailablePluginInformation introspector.restrict.packages = \ com.atlassian.activeobjects.ao, \ com.atlassian.activeobjects.config, \ com.atlassian.activeobjects.internal, \ com.atlassian.activeobjects.osgi, \ com.atlassian.activeobjects.plugin, \ com.atlassian.activeobjects.servlet, \ com.atlassian.activeobjects.spring, \ com.atlassian.activeobjects.util, \ com.atlassian.activeobjects.backup
- Restart Confluence.
For Confluence 9.0 onward:
- Edit <confluence-install-dir>/confluence/WEB-INF/classes/velocity.properties
- Add the following properties to the end of the file:
introspector.proper.allowlist.enable=true introspector.proper.allowlist.debug.enable=true introspector.allow.classes = \ com.atlassian.activeobjects.admin.tables.TablesController$TableInformation, \ com.atlassian.activeobjects.backup.PluginInformationFactory$AvailablePluginInformation introspector.restrict.packages = \ com.atlassian.activeobjects.ao, \ com.atlassian.activeobjects.config, \ com.atlassian.activeobjects.internal, \ com.atlassian.activeobjects.osgi, \ com.atlassian.activeobjects.plugin, \ com.atlassian.activeobjects.servlet, \ com.atlassian.activeobjects.spring, \ com.atlassian.activeobjects.util, \ com.atlassian.activeobjects.backup
- Restart Confluence.
Bear in mind that these changes were made in order to limit potential template injection vulnerabilities (CONFSERVER-59898), so there are some security implications to this workaround. You might consider making this change, getting the data you need from the page, and then reverting it and restarting Confluence again.
