- Bug
- Resolution: Not a bug
- Low
- None
- 8.5.4, 7.19.17, 8.6.2, 8.4.5, 8.7.1
- None
- 1
- Severity 3 - Minor
- 1
Issue Summary
As part of Atlassian's commitment to Trust and Security, and in connection with CVE-2023-22522, newer Confluence versions no longer allow JSP files to be loaded from the <confluence-install-dir>.
This behavior change makes it impossible to initialize an empty KEYSTORE table with the instructions from CONFSERVER-11074: users are taken to a Page Not Found page when trying to access the URL:
<confluence-base-url>/admin/initKeyStore_5_8.jsp
Steps to Reproduce
- Deploy a version of Confluence that includes the security fix preventing the execution of JSP files during runtime.
- Shutdown Confluence.
- Download the initKeyStore_5_8.jsp to your <Confluence INSTALL>/confluence/admin folder.
- Start Confluence.
- Open a browser to http://yourhost.com/admin/initKeyStore_5_8.jsp
Expected Results
You're taken to a page where you're able to proceed with the JSP execution.
Actual Results
You're taken to a Page Not Found page, similar to the one below:
And it is not possible to run the JSP.
Workaround
As a workaround for this security constraint, you can use a specially crafted plugin developed by Atlassian to reinitialize the KEYSTORE table in your Confluence instance.
Please find the instructions on how to install and run this plugin below:
- Make sure that the KEYSTORE table in your instance is empty (based on your description, it seems that it already is):
SELECT * FROM keystore WHERE alias LIKE '%confluence%';
- Download the keystore-initializer-1.0.0-SNAPSHOT.jar file that has been attached to this bug report. Please find below the checksum of the artifact if you want to validate its integrity:
# md5 keystore-initializer-1.0.0-SNAPSHOT_2023-12-20T10_11_44.808Z.jar
MD5 (keystore-initializer-1.0.0-SNAPSHOT_2023-12-20T10_11_44.808Z.jar) = 04607c7660422076e310efda991f139c
- Install the plugin to your instance by manually uploading the .jar file. See Installing Marketplace apps for details on that (Install an app from a file section).
- After installing the plugin, access the following URL on your instance:
<confluence-base-url>/admin/keystore/initialize.action
Make sure to properly replace <confluence-base-url> with your instance's URL.
- You should be greeted with the following screen:
- Click on Proceed so that the KEYSTORE table is re-initialized.
- Once the process is done, you should see the following message, confirming that the table has been initialized:
- Confirm that the KEYSTORE table has been populated with a new key pair (two rows) by running the following query against your database:
SELECT * FROM keystore WHERE alias LIKE '%confluence%';
- Uninstall the custom plugin from your instance (keystore-initializer). Details for this can be found on Uninstalling apps.
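Because the workaround installs an administrator-uploaded plugin into the instance, the checksum step above is the one place where a tampered or mis-downloaded artifact can be caught before it runs with Confluence's privileges. The script below is an added example, not part of the bug report or of Atlassian's tooling: it compares a downloaded file's MD5 against the digest quoted in the report and refuses to report success on a mismatch. It assumes the jar was saved under a path you pass as the first argument, and uses whichever of md5sum, md5 or openssl the host provides.

```shell
#!/bin/sh
# Added example (not from the Atlassian bug report): verify the MD5 of a
# downloaded plugin artifact against the checksum published in the report
# before uploading it to a Confluence instance.

# Compute the MD5 hex digest of a file, using whichever tool the host has.
md5_of_file() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# Return 0 when the file's digest matches the expected one (case-insensitive),
# 1 when the file is missing or the digest differs.
verify_md5() {
    file="$1"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual="$(md5_of_file "$file" | tr 'A-F' 'a-f')"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file has $actual, expected $expected; do not install it" >&2
    return 1
}

# Checksum quoted in the bug report for the attached artifact.
EXPECTED_MD5="04607c7660422076e310efda991f139c"

# Usage: sh verify-plugin.sh path/to/keystore-initializer-1.0.0-SNAPSHOT.jar
# (the path is an assumption; use wherever you saved the downloaded jar)
if [ "$#" -eq 1 ]; then
    verify_md5 "$1" "$EXPECTED_MD5"
fi
```

The comparison is case-insensitive because the digest may be copied from tools that print upper-case hex; the script exits non-zero on mismatch so it can gate an automated upload step.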