Details
-
Bug
-
Resolution: Fixed
-
Low
-
7.15.0
-
2
-
Severity 2 - Major
-
12
-
Description
As the Confluence 7.15 version sets the xstream.allowlist.enable as true by default in the development mode that requires to use the xstream-security module.
When using compat-lib, xstream-security module seems not work with the given explanations in https://confluence.atlassian.com/doc/xstream-1-4-upgrade-1026045605.html
Cause
It is found that security-module registration event registers the security module with core's and plugin's XStream, but not compat-lib's XStream reference.
As part of quick solution, Confluence team would try to lazify the XStream reference in XStreamManagerCompat class.
That provokes:
com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized
Workaround
If Confluence is running through amps, configure confluence JVM sysprop `xstream.allowlist.enable` to `false` using systemPropertyVariables. Please read more about setting system properties on its amps documentation.
Attachments
Issue Links
- has a regression in
-
-
- Closed
-