• Type: Bug
• Resolution: Fixed
• Priority: Low
• Fix Version/s: None
• Affects Version/s: 7.18.0
• Component/s: Server - Platform
• Labels:

  None

[CONFSERVER-81014] xstream-security module not working in atlas-debug mode

Ajay Sharma (Inactive) made changes - 07/Jun/2023 11:01 AM

QA Demo Status	Original: Not Done [ 14330 ]	New: Not Needed [ 14332 ]
QA Kickoff Status	Original: Not Done [ 14234 ]	New: Not Needed [ 14236 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Ready for Development [ 10049 ]	New: Closed [ 6 ]

Ajay Sharma (Inactive) made changes - 05/Dec/2022 7:00 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 711553 ]

Ajay Sharma (Inactive) made changes - 05/Dec/2022 6:19 AM

Remote Link

Original: This issue links to "Page (Confluence)" [ 709779 ]

Ajay Sharma (Inactive) made changes - 28/Nov/2022 2:46 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 709779 ]

Ganesh Gautam made changes - 14/Nov/2022 1:13 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 706252 ]

Ajay Sharma (Inactive) made changes - 04/Nov/2022 5:21 PM

Assignee

New: Ajay Sharma [ 19cb521e4007 ]

James Ponting made changes - 01/Nov/2022 12:47 AM

Status

Original: Needs Triage [ 10030 ]

New: Ready for Development [ 10049 ]

James Richards made changes - 01/Nov/2022 12:46 AM

Link

New: This issue is a regression of CONFSERVER-74692 [ CONFSERVER-74692 ]

James Richards made changes - 01/Nov/2022 12:45 AM

Description

Original: h3. Issue Summary This is reproducible on Data Center: yes use the new module like this: {code:java} <xstream-security key = "xstream-set" name="Some XStream allowlist set">     <wildcard>**</wildcard> </xstream-security> {code} does not work. h3. Steps to Reproduce  # Create an app that uses <{{{}xstream-security/>{}}}  # Use {{atlas-debug}} to start Confluence h3. Expected Results The app runs without error h3. Actual Results The below exception is thrown in the {{atlassian-conflence.log}} file: {noformat} 2022-08-22 09:01:36,891 ERROR [ThreadPoolAsyncTaskExecutor::Thread 31] [plugin.osgi.factory.OsgiPlugin] onPluginContainerFailed Unable to start the plugin container for plugin 'com.company.myplugin'  -- url: /confluence/rest/plugins/1.0/ | traceId: 401ca2d490aee6a6 | userName: admin org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sampleComponent': Invocation of init method failed; nested exception is com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized{noformat} h3. Workaround When using {{atlas-debug}} add {code:java} <configuration>     <systemPropertyVariables> <xstream.allowlist.enable>false</xstream.allowlist.enable>     </systemPropertyVariables> </configuration> {code}

New: h3. Issue Summary This is reproducible on Data Center: yes Use the new module like this: {code:java} <xstream-security key = "xstream-set" name="Some XStream allowlist set">     <wildcard>**</wildcard> </xstream-security> {code} does not work. h3. Steps to Reproduce  # Create an app that uses <{{{}xstream-security/>{}}}  # Use {{atlas-debug}} to start Confluence h3. Expected Results The app runs without error h3. Actual Results The below exception is thrown in the {{atlassian-conflence.log}} file: {noformat} 2022-08-22 09:01:36,891 ERROR [ThreadPoolAsyncTaskExecutor::Thread 31] [plugin.osgi.factory.OsgiPlugin] onPluginContainerFailed Unable to start the plugin container for plugin 'com.company.myplugin'  -- url: /confluence/rest/plugins/1.0/ | traceId: 401ca2d490aee6a6 | userName: admin org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sampleComponent': Invocation of init method failed; nested exception is com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized{noformat} h3. Workaround When using {{atlas-debug}} add {code:java} <configuration>     <systemPropertyVariables> <xstream.allowlist.enable>false</xstream.allowlist.enable>     </systemPropertyVariables> </configuration> {code}

James Richards made changes - 01/Nov/2022 12:42 AM

Link

New: This issue is related to CONFSRVDEV-24986 [ CONFSRVDEV-24986 ]

James Richards created issue - 01/Nov/2022 12:41 AM