Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Not a bug
Priority: Low
Fix Version/s: None
Affects Version/s: 7.13.7, 7.18.1
Component/s: Data Center - Core
Labels:
None

Support reference count:
6
Symptom Severity:
Severity 3 - Minor
UIS:
10
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

According to Recognized System Properties, confluence.cluster.authentication.secret and confluence.cluster.authentication.enabled can be configured via system property. The confluence.cfg.xml value will always overwrite the secret configured via system property.

Steps to Reproduce

Stop all nodes
Remove confluence.cluster.authentication.enabled and confluence.cluster.authentication.secret entries in all node confluence.cfg.xmls and the shared home
Configure the properties via Configuring System Properties
- Tested using a Linux box and setenv.sh entries
Start up one of the nodes

Expected Results

The secret used by the application becomes the value set as a system property

Actual Results

The system properties are read in as noted in > General Configuration > System Information
A new secret different from the system property entry is generated in confluence.cfg.xml

Workaround

Configure the secret via confluence.cluster.authentication.secret in confluence.cfg.xml

Attachments

Issue Links

relates to

CONFSERVER-78179 Confluence Data Center - Java Deserialization Vulnerability In Hazelcast - CVE-2016-10750

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Cole Aronson

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 07/Jun/2022 5:54 PM

Updated:: 16/Jun/2022 4:02 AM

Resolved:: 16/Jun/2022 12:40 AM