Security Vulnerabilities Instance Health Check failing
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The Security Vulnerabilities health check fails with one of the following errors:
Exception during health check invocation java.lang.RuntimeException: org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@870eb08; line: 1, column: 2]
or
[c.a.t.healthcheck.concurrent.SupportHealthCheckProcess] Health check 'Security Vulnerabilities' failed with severity 'undefined': 'The health check was unable to complete within the timeout of 30000ms.'
Environment
- Atlassian Troubleshooting and Support Tools (ATST) 1.34.0 and later
- Forward Proxy
- Firewall restriction
Diagnosis
Run the curl command for your product from the application server:
Jira:
curl https://atst-data.atl-paas.net/healthcheck/cve/jira.json | jq
JSM:
curl https://atst-data.atl-paas.net/healthcheck/cve/jsd.json | jq
Confluence:
curl https://atst-data.atl-paas.net/healthcheck/cve/confluence.json | jq
Bamboo:
curl https://atst-data.atl-paas.net/healthcheck/cve/bamboo.json | jq
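To tell the two failure modes apart in one pass, the script below wraps the same curl calls and classifies what the application server actually receives. It is an added example, not Atlassian's code: the function names, verdict names and first-byte heuristic are assumptions of this example, and only the URLs and the 30-second timeout come from the article.

```bash
#!/bin/sh
# Added example: classify the response from the ATST CVE feed as seen from this host.
BASE_URL="https://atst-data.atl-paas.net/healthcheck/cve"  # from the article
TIMEOUT=30  # seconds; same limit as the 30000ms health check timeout in the log

# classify_response CURL_EXIT BODY -> prints one verdict word (names are this example's own)
#   timeout        curl exit 28: same symptom as "unable to complete within the timeout"
#   connect-failed any other curl error (DNS, refused connection, TLS)
#   markup         body starts with '<': the character the JsonParseException reports,
#                  e.g. an HTML page returned by a proxy or firewall (assumption)
#   json           body starts like a JSON object or array
classify_response() {
  c_rc=$1; c_body=$2
  if [ "$c_rc" -eq 28 ]; then echo timeout
  elif [ "$c_rc" -ne 0 ]; then echo connect-failed
  else
    # First non-whitespace character of the body decides the verdict.
    c_first=$(printf '%s' "$c_body" | tr -d ' \t\r\n' | cut -c1)
    case "$c_first" in
      '')      echo empty ;;
      '<')     echo markup ;;
      '{'|'[') echo json ;;
      *)       echo not-json ;;
    esac
  fi
}

# check_feed PRODUCT -> one summary line; PRODUCT is jira, jsd, confluence or bamboo
check_feed() {
  f_tmp=$(mktemp)
  f_status=$(curl -sS --max-time "$TIMEOUT" -o "$f_tmp" -w '%{http_code}' \
             "$BASE_URL/$1.json" 2>/dev/null)
  f_rc=$?
  f_body=$(cat "$f_tmp"); rm -f "$f_tmp"
  echo "$1: $(classify_response "$f_rc" "$f_body") (curl exit $f_rc, HTTP $f_status)"
}

# Usage: sh check_feed.sh jira confluence   (does nothing when no product is given)
for product in "$@"; do check_feed "$product"; done
```

curl takes its proxy from the https_proxy environment variable or the -x option, which may differ from the proxy settings the application's JVM uses, so run the script with the same proxy the application is configured with.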
Cause
The Security Vulnerabilities health check was introduced in ATST version 1.34.0. For it to work, your application needs to be able to access the URL for your product:
- Jira: https://atst-data.atl-paas.net/healthcheck/cve/jira.json
- JSM: https://atst-data.atl-paas.net/healthcheck/cve/jsd.json
- Confluence: https://atst-data.atl-paas.net/healthcheck/cve/confluence.json
- Bamboo: https://atst-data.atl-paas.net/healthcheck/cve/bamboo.json
Solution
- If a connection can’t be established, for example because of a restrictive firewall or proxy server settings, the tool won’t be able to fetch any updates to version data, security vulnerabilities or documentation.
- We recommend reviewing the forward proxy and/or firewall restrictions to allow access to *.atl-paas.net.
- ATST version 1.36.1 added an option for admins to disable this check if access to *.atl-paas.net cannot be allowed due to security policies. If you disable this health check, Confluence will, as expected, not be able to report security vulnerabilities as part of the system health checks.