Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-74692

Confluence 7.15 xstream-security module not working in dev mode with compat lib


      As the Confluence 7.15 version sets the xstream.allowlist.enable as true by default in the development mode that requires to use the xstream-security module.

      When using compat-lib, xstream-security module seems not work with the given explanations in https://confluence.atlassian.com/doc/xstream-1-4-upgrade-1026045605.html

      It is found that security-module registration event registers the security module with core's and plugin's XStream, but not compat-lib's XStream reference.
      As part of quick solution, Confluence team would try to lazify the XStream reference in XStreamManagerCompat class.

      That provokes:
      com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized

      If Confluence is running through amps, configure confluence JVM sysprop `xstream.allowlist.enable` to `false` using systemPropertyVariables. Please read more about setting system properties on its amps documentation.

            ggautam Ganesh Gautam
            6a66c94f366a Pablo Gallego _Appfire_
            19 Vote for this issue
            16 Start watching this issue