-
Bug
-
Resolution: Fixed
-
Low
-
None
-
7.18.0
-
None
-
Severity 3 - Minor
-
Issue Summary
This is reproducible on Data Center: yes
Use the new module like this:
<xstream-security key = "xstream-set" name="Some XStream allowlist set"> <wildcard>**</wildcard> </xstream-security>
does not work.
Steps to Reproduce
- Create an app that uses <xstream-security/>
- Use atlas-debug to start Confluence
Expected Results
The app runs without error
Actual Results
The below exception is thrown in the atlassian-conflence.log file:
2022-08-22 09:01:36,891 ERROR [ThreadPoolAsyncTaskExecutor::Thread 31] [plugin.osgi.factory.OsgiPlugin] onPluginContainerFailed Unable to start the plugin container for plugin 'com.company.myplugin' -- url: /confluence/rest/plugins/1.0/ | traceId: 401ca2d490aee6a6 | userName: admin org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sampleComponent': Invocation of init method failed; nested exception is com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized
Workaround
When using atlas-debug add
<configuration>
<systemPropertyVariables>
<xstream.allowlist.enable>false</xstream.allowlist.enable>
</systemPropertyVariables>
</configuration>
- is a regression of
-
CONFSERVER-74692 Confluence 7.15 xstream-security module not working in dev mode with compat lib
- Closed