[CONFSERVER-74692] Confluence 7.15 xstream-security module not working in dev mode with compat lib

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.13.5, 7.16.2, 7.17.0
Affects Version/s: 7.15.0
Component/s: Server - Platform
Labels:
- platform

Support reference count:
2
Symptom Severity:
Severity 2 - Major
UIS:
12
Bug Fix Policy:
View Atlassian Server bug fix policy

As the Confluence 7.15 version sets the xstream.allowlist.enable as true by default in the development mode that requires to use the xstream-security module.

When using compat-lib, xstream-security module seems not work with the given explanations in https://confluence.atlassian.com/doc/xstream-1-4-upgrade-1026045605.html

Cause
It is found that security-module registration event registers the security module with core's and plugin's XStream, but not compat-lib's XStream reference.
As part of quick solution, Confluence team would try to lazify the XStream reference in XStreamManagerCompat class.

That provokes:
com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized

Workaround
If Confluence is running through amps, configure confluence JVM sysprop `xstream.allowlist.enable` to `false` using systemPropertyVariables. Please read more about setting system properties on its amps documentation.

has a regression in

CONFSERVER-81014 xstream-security module not working in atlas-debug mode

Closed

mentioned in: XStream 1.4 upgrade; Preparing for Confluence 7.17; Page Failed to load; Page Failed to load

James Richards made changes - 01/Nov/2022 12:46 AM

Link

New: This issue has a regression in ~~CONFSERVER-81014~~ [ ~~CONFSERVER-81014~~ ]

Sumitra Sahu (Inactive) made changes - 31/Oct/2022 6:51 AM

Link

New: This issue is related to CONFSRVDEV-24986 [ CONFSRVDEV-24986 ]

Cathy S made changes - 29/Mar/2022 8:01 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 630386 ]

Rachel Robins made changes - 22/Mar/2022 2:49 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 628915 ]

Rachel Robins made changes - 22/Mar/2022 2:46 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 628915 ]

James Whitehead added a comment - 22/Mar/2022 1:21 AM

A fix for this issue is available in Confluence Server and Data Center 7.17.0.
Upgrade now or check out the Release Notes to see what other issues are resolved.

James Whitehead added a comment - 22/Mar/2022 1:21 AM A fix for this issue is available in Confluence Server and Data Center 7.17.0. Upgrade now or check out the Release Notes to see what other issues are resolved.

Nam Ho added a comment - 16/Mar/2022 2:34 AM

A fix for this issue is available in Confluence Server and Data Center 7.13.5.
Upgrade now or check out the Release Notes to see what other issues are resolved.

Nam Ho added a comment - 16/Mar/2022 2:34 AM A fix for this issue is available in Confluence Server and Data Center 7.13.5. Upgrade now or check out the Release Notes to see what other issues are resolved.

Cathy S made changes - 09/Mar/2022 10:10 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 626684 ]

Ganesh Gautam added a comment - 07/Mar/2022 10:03 PM - edited

bbc2e5f3acbb , can you please tell me about #2
> 2. How is it using XStream?

and one more:
have you marked your class into allowlist and if yes, can you please share the snippet?

Ganesh Gautam added a comment - 07/Mar/2022 10:03 PM - edited bbc2e5f3acbb , can you please tell me about #2 > 2. How is it using XStream? and one more: have you marked your class into allowlist and if yes, can you please share the snippet?

Mamadou Barry added a comment - 07/Mar/2022 9:00 AM

Hello @Ganesh Gautam,

I'm working on the Scaffolding plugin.
We are using it as described in this XStream upgrade guide?
The previous version of confluence-compat-lib is 1.4.1. Now, we have bumped it to 1.4.2 as recommended.
I'm running Confluence in dev mode. Everything works fine with prod-mode.

I hope this helps with the investigation.

Thanks

Mamadou Barry added a comment - 07/Mar/2022 9:00 AM Hello @Ganesh Gautam, I'm working on the Scaffolding plugin. We are using it as described in this XStream upgrade guide? The previous version of confluence-compat-lib is 1.4.1. Now, we have bumped it to 1.4.2 as recommended. I'm running Confluence in dev mode. Everything works fine with prod-mode. I hope this helps with the investigation. Thanks

Assignee:: Ganesh Gautam

Reporter:: Pablo Gallego _Appfire_

Affected customers:: 19 This affects my team

Watchers:: 16 Start watching this issue

Created:: 09/Nov/2021 4:02 PM

Updated:: 01/Nov/2022 12:46 AM

Resolved:: 25/Feb/2022 3:57 AM

Confluence Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: James Whitehead added a comment - 22/Mar/2022 1:21 AM

Expand comment: James Whitehead added a comment - 22/Mar/2022 1:21 AM

Collapse comment: Nam Ho added a comment - 16/Mar/2022 2:34 AM

Expand comment: Nam Ho added a comment - 16/Mar/2022 2:34 AM

Collapse comment: Ganesh Gautam added a comment - 07/Mar/2022 10:03 PM, Edited by Ganesh Gautam - 07/Mar/2022 10:04 PM

Expand comment: Ganesh Gautam added a comment - 07/Mar/2022 10:03 PM, Edited by Ganesh Gautam - 07/Mar/2022 10:04 PM

Collapse comment: Mamadou Barry added a comment - 07/Mar/2022 9:00 AM

Expand comment: Mamadou Barry added a comment - 07/Mar/2022 9:00 AM

People

Dates