Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-99714

Labels are not rendered from Search Results macro in Confluence 9.x

XMLWordPrintable

      Issue Summary

      Using Search Results Macro in earlier Confluence versions before v9.x, the search result used to display the labels but in 9.x versions the result is not displayed, including the labels. This is happening due to a missing velocity allowlist entry for getLabels method.
      Post Confluence 9.0, all method invocations in Velocity templates are subject to a strict method allowlist. Any attempted method invocations which are not allowlisted will result in a log warning and the method invocation being blocked.

      Steps to Reproduce

      1. Create some pages with labels and a keyword.
      2. Create another page which contains the search macro with the keyword as search term.
        • This can be done as below using wiki markup for 7.0+ versions as we ended support for this macro in Confluence 7.0:
          1. Go to Insert more content-> Markup -> Choose Confluence wiki in the drop down
          2. Add {search:query=<keyword>}
      3. Now, check for the results on macro page.

      Added space export for quick replication just navigate to "Document with Search results page".

      Note: For <7.0 versions, the macro can be directly added via Insert more content -> Other macros

      Once we upgrade to 9.x versions the issue can be reproducible.

      Expected Results

      The results should contain the labels from the pages.

      Actual Results

      The results doesn't displays the labels from the pages.

      The below warning is thrown in the logs:

      2025-04-28 09:06:38,699 WARN [http-nio-8090-exec-5 url: /spaces/SS/pages/1507332/Document+with+Search+Results, /pages/viewpage.action; user: z000191t] [velocity] log Invocation blocked as method is not allowlisted: com.atlassian.confluence.search.v2.AbstractSearchResult#getLabels(com.atlassian.user.User)

      After adding the below parameter:

      CATALINA_OPTS="-Datlassian.velocity.method.allowlist.debug=true ${CATALINA_OPTS}"

      The labels are displayed as below:

      We can see in the beug logs, it states that the Method needs allowlisting:

      2025-05-05 15:13:10,805 WARN [http-nio-8090-exec-9 url: /confluence/spaces/SS/pages/1048613/Document+with+Search+Results, /confluence/pages/viewpage.action; user: admin] [velocity] log DEBUG MODE: Method needs allowlisting: com.atlassian.confluence.search.v2.AbstractSearchResult#getLabels(com.atlassian.user.User)
 -- page: 1048613 | referer: https://linux-99374.prod.atl-cd.net/confluence/ | traceId: 4cb09ca75996563c | userName: admin | action: viewpage | url: /confluence/spaces/SS/pages/1048613/Document+with+Search+Results

      Workaround

      Add the below parameter and restart confluence:

      CATALINA_OPTS="-Datlassian.velocity.method.allowlist.extra=\"com.atlassian.confluence.search.v2.AbstractSearchResult#getLabels(com.atlassian.user.User)\" ${CATALINA_OPTS}"

        1. Confluence-space-export-SS-2025-05-05-15-32-48-831.xml.zip
          395 kB
        2. image-2025-05-08-15-46-34-010.png
          image-2025-05-08-15-46-34-010.png
          125 kB
        3. image-2025-05-08-16-19-24-873.png
          image-2025-05-08-16-19-24-873.png
          450 kB
        4. image-2025-05-08-16-28-16-201.png
          image-2025-05-08-16-28-16-201.png
          718 kB
        5. image-2025-05-08-16-29-30-308.png
          image-2025-05-08-16-29-30-308.png
          508 kB

              a2879c3b3278 Jordan Anslow
              aad60ff3f193 Bibek Roy
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: