Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-74692

Confluence 7.15 xstream-security module not working in dev mode with compat lib

XMLWordPrintable

      As the Confluence 7.15 version sets the xstream.allowlist.enable as true by default in the development mode that requires to use the xstream-security module.

      When using compat-lib, xstream-security module seems not work with the given explanations in https://confluence.atlassian.com/doc/xstream-1-4-upgrade-1026045605.html

      Cause
      It is found that security-module registration event registers the security module with core's and plugin's XStream, but not compat-lib's XStream reference.
      As part of quick solution, Confluence team would try to lazify the XStream reference in XStreamManagerCompat class.

      That provokes:
      com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized

      Workaround
      If Confluence is running through amps, configure confluence JVM sysprop `xstream.allowlist.enable` to `false` using systemPropertyVariables. Please read more about setting system properties on its amps documentation.

            ggautam Ganesh Gautam
            6a66c94f366a Pablo Gallego _Appfire_
            Votes:
            19 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: