-
Bug
-
Resolution: Fixed
-
Medium
-
4.1.4
-
Severity 3 - Minor
-
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
Problem Summary
Sometimes watchers of a page containing an embedded calendar will receive notifications if a completely different calendar has been updated
Details
When a user updates a calendar (i.e. adds a new event), it seems that Team Calendars will look for pages (via Lucene index) that have the calendar embedded by searching for the calendarId. Watchers of all these pages will then receive a notification email from Team Calendars.
The problem is that the calendarId search is not accurate. Consider the following Confluence search:
embeddedSubCalendarId:83ded06a-f3ce-4639-a431-a807c9926fc9
Instead of searching for that entire unbroken string, it seems that Lucene is breaking this into smaller pieces, delimitated by the hyphen. This can be demonstrated by trial-and-error or via an utility like Luke to examine the index:
As a result, pages that embed completely different calendars that happen to match any of the pieces will come back in the search, and watchers of those pages will receive an unintended notification.
Steps to reproduce
I tested this with Confluence 5.4.1 + Team Calendars 4.1.4
- Create 2 calendars, Calendar A and Calendar B, and make note of their calendarId values (Grab it from Down arrow > Share/embed)
- Create a page and embed Calendar A onto it. Make note of the pageId (Edit the page and grab it from the URL)
- Add a user who is not watching any of the calendars as a Watcher of this page
- In the database, locate those page contents in the BODYCONTENT table, and replace part of the Id of Calendar A with a part of Calendar B. The result will be an invalid calendarId, but that's fine for the purposes of this test. I used MySQL to test, your query may vary:
UPDATE BODYCONTENT SET body = REPLACE(body, '<part_of_calendar_a>', '<part_of_calendar_b>') WHERE contentid = '<pageId>';
- Rebuild index (Confluence Admin > Content Indexing)
- Add an event to Calendar B
Expected result
Page watcher in step 3 will not receive a notification
Actual result
Page watcher in step 3 receives notification, because the test page contains part of the Id of Calendar B.
- relates to
-
-
- Closed
-
- mentioned in
-
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page")
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page Loading...
-
[CONFSERVER-49672] Team Calendars erroneously sends out notification emails to users not watching it
I opened https://jira.atlassian.com/browse/TEAMCAL-3709 as I am seeing this behavior in 5.3.4
We are facing this issue in 5.1.21 version of Team Calendar is this a regression introduced & what should we do it to resolve this issue
Ankur Mehrotra
added a comment - - edited We are facing this issue in 5.1.21 version of Team Calendar is this a regression introduced & what should we do it to resolve this issue If a full reindex from scratch needed when installing the plugin upgrade if we have experienced this issue? Or does upgrading the plugin fix it without need to reindex?
Same question as Adhip... We've had multiple people ask why they are receiving these emails. Is there a planned release date at this time?
Edit - Noticed there is a release date of 6/24 for the version. Hoping that means it'll be available soon!
Adhip Pokharel
added a comment - Hi Duy, what is the release date for this fix? We are being affected by this bug.
Adhip Pokharel
added a comment - Hi Duy, what is the release date for this fix? We are being affected by this bug. Hi all, I fixed that issue already but unfortunately it was not be released yet. We planed to include it into the bigger release version which will be release at the end of May (or maybe sooner). Thank you !!!
Chad Barnes
added a comment - Confirmed this bug today in our environment. This is a potentially serious flaw.
Chad Barnes
added a comment - Confirmed this bug today in our environment. This is a potentially serious flaw. 
Adam Leff
added a comment - This particular issue has caused many of my customers'/colleagues' confidence in Confluence / Team Calendars to erode, and people are scared to create new calendars as they fear that people may get notifications for calendars they are not supposed to receive, including calendars which contain sensitive data.
It would be really excellent to get this fix committed sooner rather than later. Thanks for your consideration.
Adam Leff
added a comment - This particular issue has caused many of my customers'/colleagues' confidence in Confluence / Team Calendars to erode, and people are scared to create new calendars as they fear that people may get notifications for calendars they are not supposed to receive, including calendars which contain sensitive data.
It would be really excellent to get this fix committed sooner rather than later. Thanks for your consideration.
I opened https://jira.atlassian.com/browse/TEAMCAL-3889 to address this issue in 5.3.11