
Confluence 7.15 xstream-security module not working in dev mode with compat lib

      Confluence 7.15 sets xstream.allowlist.enable to true by default in development mode, which requires using the xstream-security module.

      When using compat-lib, the xstream-security module does not seem to work as explained in https://confluence.atlassian.com/doc/xstream-1-4-upgrade-1026045605.html

      Cause
      It was found that the security-module registration event registers the security module with core's and plugin's XStream, but not with compat-lib's XStream reference.
      As part of a quick solution, the Confluence team would try to lazify the XStream reference in the XStreamManagerCompat class.

      That provokes:
      com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized

      Workaround
      If Confluence is running through AMPS, set the Confluence JVM system property `xstream.allowlist.enable` to `false` using systemPropertyVariables. Please read more about setting system properties in the AMPS documentation.
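
Why an allowlist registered with only some XStream instances produces the failure described under Cause, shown with plain XStream's own security API. This is an added example, not Atlassian's or any plugin's code; it does not use Confluence's `XStreamManagerCompat`, and `PerInstanceAllowlistDemo` and `MacroState` are hypothetical names. It assumes the XStream 1.4.x library is on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class PerInstanceAllowlistDemo {

    // Hypothetical plugin data class (not from Confluence or any real plugin).
    public static class MacroState {
        public String title = "constructed sample";
    }

    // Deny-by-default instance: only null, primitives and String are allowed.
    static XStream denyByDefault() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] {String.class});
        return xs;
    }

    // XStream rejects a type outside the allowlist with ForbiddenClassException,
    // a subclass of XStreamException; report which exception surfaced.
    static String read(XStream xs, String xml) {
        try {
            return "deserialized " + xs.fromXML(xml).getClass().getSimpleName();
        } catch (XStreamException e) {
            return "rejected (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        // Instance A received the allowlist entry for the plugin type.
        XStream registered = denyByDefault();
        registered.allowTypes(new Class[] {MacroState.class});

        // Instance B was built the same way but never received the entry.
        XStream unregistered = denyByDefault();

        // Marshalling is not restricted; the permissions apply when reading.
        String xml = registered.toXML(new MacroState());

        System.out.println("registered:   " + read(registered, xml));
        System.out.println("unregistered: " + read(unregistered, xml));
    }
}
```

Permissions live on each XStream instance, so the same XML is accepted by one and rejected by the other; switching the allowlist off removes the rejection but also the protection, which is why the workaround is scoped to development runs.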


            [CONFSERVER-74692] Confluence 7.15 xstream-security module not working in dev mode with compat lib

            James Whitehead added a comment -

            A fix for this issue is available in Confluence Server and Data Center 7.17.0.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Nam Ho added a comment -

            A fix for this issue is available in Confluence Server and Data Center 7.13.5.
            Upgrade now or check out the Release Notes to see what other issues are resolved.


            Ganesh Gautam added a comment - edited

            bbc2e5f3acbb , can you please tell me about #2
            > 2. How is it using XStream?

            and one more:
            have you marked your class into allowlist and if yes, can you please share the snippet?


            Mamadou Barry added a comment -

            Hello @Ganesh Gautam,

            I'm working on the Scaffolding plugin.
            We are using it as described in this XStream upgrade guide.
            The previous version of confluence-compat-lib is 1.4.1. Now, we have bumped it to 1.4.2 as recommended.
            I'm running Confluence in dev mode. Everything works fine with prod-mode.

            I hope this helps with the investigation.

            Thanks

            Ganesh Gautam added a comment -

            bbc2e5f3acbb
            I need more info:

            1. Which plugin are you talking about?
            2. How is it using XStream?
            3. Is it using XStreamCompat as per the XStream upgrade guide?
            4. Which version were you using before?
            5. Are you running Confluence in dev mode? If yes, what is the behaviour with prod-mode?

            Thanks,
            Ganesh

            Mamadou Barry added a comment -

            We already have the compat-lib at version 1.4.2:

                    <dependency>
                        <groupId>com.atlassian.confluence.compat</groupId>
                        <artifactId>confluence-compat-lib</artifactId>
                        <version>1.4.2</version>
                    </dependency>

            But it doesn't help. However, the workaround provided in this ticket is working. We don't want to push this to production:

                    <systemPropertyVariables>
                        <xstream.allowlist.enable>false</xstream.allowlist.enable>
                    </systemPropertyVariables>

            We never had this issue in prior versions of Confluence until we started using Confluence 7.16.2.

            Ganesh Gautam added a comment -

            bbc2e5f3acbb

            Thanks for coming back with the version.

            Can you please confirm which plugin is giving that error? As plugins would need to use the new version of compat-lib to take advantage of the fix.

            Mamadou Barry added a comment -

            Hey @Ganesh Gautam,

            Thanks for your reply. Actually, we are on the latest version of Confluence 7.16.2. It is a mistake from my end to have put 7.12.0.

            Ganesh Gautam added a comment -

            Hi bbc2e5f3acbb

            Please use the Confluence version with the fix shipped. A third-party plugin recently tested and onboarded their plugin with the new compat-lib and things look okay on the fixed versions. I would recommend either waiting for 7.13.5 LTS or using the latest Confluence version.

            Thanks,
            Ganesh

            Mamadou Barry added a comment -

            Hello guys,

            The issue described here never happened to us in the previous version on the Dev instance. Now, after upgrading to Confluence 7.12.0, we are getting this issue. However, on production, we are not getting this issue.

            This is the error we are getting: "Could not deserialize object as XStream might not be properly initialized"

            Would you please re-open this ticket?

              ggautam Ganesh Gautam
              6a66c94f366a Pablo Gallego _Appfire_