-
Bug
-
Resolution: Fixed
-
Low
-
9.0.1, 9.4.0, 9.2.3
-
1
-
Severity 3 - Minor
-
1
-
Issue Summary
Using Search Results Macro in earlier Confluence versions before v9.x, the search result used to display the labels but in 9.x versions the result is not displayed, including the labels. This is happening due to a missing velocity allowlist entry for getLabels method.
Post Confluence 9.0, all method invocations in Velocity templates are subject to a strict method allowlist. Any attempted method invocations which are not allowlisted will result in a log warning and the method invocation being blocked.
Steps to Reproduce
- Create some pages with labels and a keyword.
- Create another page which contains the search macro with the keyword as search term.
- This can be done as below using wiki markup for 7.0+ versions as we ended support for this macro in Confluence 7.0:
- Go to Insert more content-> Markup -> Choose Confluence wiki in the drop down
- Add {search:query=<keyword>}
- This can be done as below using wiki markup for 7.0+ versions as we ended support for this macro in Confluence 7.0:
- Now, check for the results on macro page.
Added space export for quick replication just navigate to "Document with Search results page".
Note: For <7.0 versions, the macro can be directly added via Insert more content -> Other macros
Once we upgrade to 9.x versions the issue can be reproducible.
Expected Results
The results should contain the labels from the pages.
Actual Results
The results doesn't displays the labels from the pages.
The below warning is thrown in the logs:
2025-04-28 09:06:38,699 WARN [http-nio-8090-exec-5 url: /spaces/SS/pages/1507332/Document+with+Search+Results, /pages/viewpage.action; user: z000191t] [velocity] log Invocation blocked as method is not allowlisted: com.atlassian.confluence.search.v2.AbstractSearchResult#getLabels(com.atlassian.user.User)
After adding the below parameter:
CATALINA_OPTS="-Datlassian.velocity.method.allowlist.debug=true ${CATALINA_OPTS}"
The labels are displayed as below:
We can see in the beug logs, it states that the Method needs allowlisting:
2025-05-05 15:13:10,805 WARN [http-nio-8090-exec-9 url: /confluence/spaces/SS/pages/1048613/Document+with+Search+Results, /confluence/pages/viewpage.action; user: admin] [velocity] log DEBUG MODE: Method needs allowlisting: com.atlassian.confluence.search.v2.AbstractSearchResult#getLabels(com.atlassian.user.User)
-- page: 1048613 | referer: https://linux-99374.prod.atl-cd.net/confluence/ | traceId: 4cb09ca75996563c | userName: admin | action: viewpage | url: /confluence/spaces/SS/pages/1048613/Document+with+Search+Results
Workaround
Add the below parameter and restart confluence:
CATALINA_OPTS="-Datlassian.velocity.method.allowlist.extra=\"com.atlassian.confluence.search.v2.AbstractSearchResult#getLabels(com.atlassian.user.User)\" ${CATALINA_OPTS}"
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-99714] Labels are not rendered from Search Results macro in Confluence 9.x
A fix for this issue is available in Confluence Data Center 9.2.5. Upgrade now or check out the Release Notes to see what other issues are resolved.
Testing this issue in our test environment after an upgrade to Confluence Data Center LTS 9.2.5 and the issue still exists.