Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-74692

Confluence 7.15 xstream-security module not working in dev mode with compat lib

    XMLWordPrintable

Details

    Description

      As the Confluence 7.15 version sets the xstream.allowlist.enable as true by default in the development mode that requires to use the xstream-security module.

      When using compat-lib, xstream-security module seems not work with the given explanations in https://confluence.atlassian.com/doc/xstream-1-4-upgrade-1026045605.html

      Cause
      It is found that security-module registration event registers the security module with core's and plugin's XStream, but not compat-lib's XStream reference.
      As part of quick solution, Confluence team would try to lazify the XStream reference in XStreamManagerCompat class.

      That provokes:
      com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized

      Workaround
      If Confluence is running through amps, configure confluence JVM sysprop `xstream.allowlist.enable` to `false` using systemPropertyVariables. Please read more about setting system properties on its amps documentation.

      Attachments

        Issue Links

          Activity

            People

              ggautam Ganesh Gautam
              6a66c94f366a Pablo Gallego
              Votes:
              19 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: