Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-66530

Plugin Data Storage does not display data

XMLWordPrintable

      Issue Summary

      Plugin Data Storage does not display data

      Steps to Reproduce

      1. Install and set-up Confluence 7.4.5 or newer
      2. Access Plugin Data Storage page via /plugins/servlet/active-objects/tables/list

      Expected Results

      Actual Results

      All plugins name as unknown, table column as '$i.table' and rows as '$i.rows'

      Workaround

      Perform these steps to restore the functionality in Confluence:

      Up to Confluence 8.9:

      1. Edit <confluence-install-dir>/confluence/WEB-INF/classes/velocity.properties
      2. Replace the full line containing com.atlassian.activeobjects from the introspector.restrict.packages section with:  
        introspector.allow.classes = \
   com.atlassian.activeobjects.admin.tables.TablesController$TableInformation, \
   com.atlassian.activeobjects.backup.PluginInformationFactory$AvailablePluginInformation

introspector.restrict.packages = \
   com.atlassian.activeobjects.ao, \
   com.atlassian.activeobjects.config, \
   com.atlassian.activeobjects.internal, \
   com.atlassian.activeobjects.osgi, \
   com.atlassian.activeobjects.plugin, \
   com.atlassian.activeobjects.servlet, \
   com.atlassian.activeobjects.spring, \
   com.atlassian.activeobjects.util, \
   com.atlassian.activeobjects.backup
      3. Restart Confluence.

      For Confluence 9.0 onward:

      1. Edit <confluence-install-dir>/confluence/WEB-INF/classes/velocity.properties
      2. Add the following properties to the end of the file: 
        introspector.proper.allowlist.enable=true
introspector.proper.allowlist.debug.enable=true

introspector.allow.classes = \ 
  com.atlassian.activeobjects.admin.tables.TablesController$TableInformation, \  
  com.atlassian.activeobjects.backup.PluginInformationFactory$AvailablePluginInformation

introspector.restrict.packages = \
   com.atlassian.activeobjects.ao, \
   com.atlassian.activeobjects.config, \
   com.atlassian.activeobjects.internal, \
   com.atlassian.activeobjects.osgi, \
   com.atlassian.activeobjects.plugin, \
   com.atlassian.activeobjects.servlet, \
   com.atlassian.activeobjects.spring, \
   com.atlassian.activeobjects.util, \
   com.atlassian.activeobjects.backup
      3. Restart Confluence.

      Bear in mind that these changes were made in order to limit potential template injection vulnerabilities (CONFSERVER-59898), so there are some security implications to this workaround. You might consider making this change, getting the data you need from the page, and then reverting it and restarting Confluence again.

        1. 745_plugin_data_storage.png
          191 kB
          MichaelD
        2. 744_plugin_data_storage.png
          244 kB
          MichaelD

            [CONFSERVER-66530] Plugin Data Storage does not display data

            Manonmani Muthukrishnan made changes -
            Fix Version/s New: 8.5.25 [ 113048 ]
            Fix Version/s New: 9.2.7 [ 113047 ]
            Fix Version/s New: 9.5.3 [ 113046 ]
            Status Original: Awaiting Merge [ 10064 ] New: Waiting for Release [ 12075 ]
            Manonmani Muthukrishnan made changes -
            QA Demo Status Original: Not Done [ 14330 ] New: Done [ 14331 ]
            Status Original: In Review [ 10051 ] New: Awaiting Merge [ 10064 ]
            Manonmani Muthukrishnan made changes -
            QA Kickoff Status Original: Not Done [ 14234 ] New: Done [ 14235 ]
            Testing Notes New: # Verify that the plugin data storage page on the admin screen renders all relevant data (Plugin name, Table names, and Row counts), and that no template variables are displayed as it is
             # 2. Ensure that only the essential classes and methods from the activeobjects package are included in the velocity-default.properties file, as these can be accessed from Velocity templates.
             # 3. Check with the incognito mode 
            Status Original: In Progress [ 3 ] New: In Review [ 10051 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 1041806 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "R8.5 P1. Baseline › Setup and upgrade tests, Postgres 14 › issue-85-CONFSERVER-66530-plugin-data-storage-does-not-display-data (server-syd-bamboo)" [ 1041193 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "R8.5 P1. Baseline › Main Plugins - Jira-Integration › issue-85-CONFSERVER-66530-plugin-data-storage-does-not-display-data (server-syd-bamboo)" [ 1041192 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "R8.5 P1. Baseline › Main Plugins - Ancillary › issue-85-CONFSERVER-66530-plugin-data-storage-does-not-display-data (server-syd-bamboo)" [ 1041191 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "R8.5 P1. Baseline › Main Plugins - Public › issue-85-CONFSERVER-66530-plugin-data-storage-does-not-display-data (server-syd-bamboo)" [ 1041308 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "R8.5 P1. Baseline › Unit, Integration, CTK Tests › issue-85-CONFSERVER-66530-plugin-data-storage-does-not-display-data (server-syd-bamboo)" [ 1041267 ]
            Manonmani Muthukrishnan made changes -
            Remote Link New: This issue links to "R8.5 P1. Baseline › Database Integration Tests › issue-85-CONFSERVER-66530-plugin-data-storage-does-not-display-data (server-syd-bamboo)" [ 1041266 ]

              a9c75a56733b Manonmani Muthukrishnan
              mduong@atlassian.com MichaelD
              Affected customers:
              35 This affects my team
              Watchers:
              33 Start watching this issue

                Created:
                Updated: