Confluence is not starting up after java.lang.NoClassDefFoundError: PanwHooks exception

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

 

Summary


The Confluence application fails to start after java.lang.NoClassDefFoundError: PanwHooks exception. This exception can be found in the atlassian-confluence.log file.

Environment

7.17.1, 7.13.x

Diagnosis

Confluence will not start with the following stack traces

In the Atlassian-Confluence.log file:

WARN [FelixStartLevel] [blueprint.context.support.OsgiBundleXmlApplicationContext] refresh Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0' defined in OSGi resource[bundle://2.0:0/META-INF/spring/extender/extender-configuration.xml|bnd.id=1|bnd.sym=org.eclipse.gemini.blueprint.extender]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: PanwHooks
2022-04-22 09:51:20,786 ERROR [FelixDispatchQueue] [osgi.container.felix.FelixOsgiContainerManager] frameworkEvent Framework error in bundle org.eclipse.gemini.blueprint.extender
org.osgi.framework.BundleException: Activator start error in bundle org.eclipse.gemini.blueprint.extender [1].
at org.apache.felix.framework.Felix.activateBundle(Felix.java:2290)
at org.apache.felix.framework.Felix.startBundle(Felix.java:2146)
at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0' defined in OSGi resource[bundle://2.0:0/META-INF/spring/extender/extender-configuration.xml|bnd.id=1|bnd.sym=org.eclipse.gemini.blueprint.extender]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: PanwHooks

In the Confluene Site GUI, the following stack trace will display:

caused by: java.lang.IllegalStateException: There should be at least one AvatarProvider module registered in the plugin system.
at com.atlassian.confluence.user.avatar.AvatarProviderAccessor.getAvatarProvider(AvatarProviderAccessor.java:30)

2022-04-20 14:03:20,630 ERROR [http-nio-8090-exec-11] [confluence.util.profiling.ConfluenceSitemeshErrorDecorator] renderInternal Failed to render error decorator. Falling back to using no decorator
 -- traceId: 167c9144c8da246d
java.lang.IllegalStateException: There should be at least one AvatarProvider module registered in the plugin system.
	at com.atlassian.confluence.user.avatar.AvatarProviderAccessor.getAvatarProvider(AvatarProviderAccessor.java:30)
	at com.atlassian.confluence.user.DefaultUserAccessor.getLogoForUser(DefaultUserAccessor.java:716)
	at com.atlassian.confluence.user.DefaultUserAccessor.lambda$getUserProfilePicture$3(DefaultUserAccessor.java:771)
	at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140)
	at com.atlassian.confluence.user.DefaultUserAccessor.getUserProfilePicture(DefaultUserAccessor.java:769)
	at jdk.internal.reflect.GeneratedMethodAccessor265.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
	at com.atlassian.spring.interceptors.SpringProfilingInterceptor.invoke(SpringProfilingInterceptor.java:16)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
	at com.sun.proxy.$Proxy137.getUserProfilePicture(Unknown Source)
	at com.atlassian.confluence.setup.sitemesh.SitemeshContextItemProvider.getUserProfilePicture(SitemeshContextItemProvider.java:99)
	at com.atlassian.confluence.setup.sitemesh.SitemeshContextItemProvider.getMap(SitemeshContextItemProvider.java:55)
	at com.atlassian.confluence.setup.sitemesh.SitemeshContextItemProvider.<init>(SitemeshContextItemProvider.java:44)
	at com.atlassian.confluence.setup.sitemesh.SitemeshContextItemProvider.getProvider(SitemeshContextItemProvider.java:39)
	at com.atlassian.confluence.util.profiling.ConfluenceSitemeshDecorator.getSitemeshContext(ConfluenceSitemeshDecorator.java:150)
	at com.atlassian.confluence.util.profiling.ConfluenceSitemeshDecorator.applyDecoratorUsingVelocity(ConfluenceSitemeshDecorator.java:165)
	at com.atlassian.confluence.util.profiling.ConfluenceSitemeshDecorator.applyDecorator(ConfluenceSitemeshDecorator.java:138)
	at com.atlassian.confluence.util.profiling.ConfluenceSitemeshErrorDecorator.renderInternal(


Cause

This is caused by a security malware scanner blocking the Confluence process from starting as they found Log4j libraries as vulnerable.

Solution

Our Security team investigated the impact of the Log4j remote code execution vulnerability (CVE-2021-44228) and has determined that no Atlassian on-premises products are vulnerable to CVE-2021-44228. Please check the FAQ for CVE-2021-44228 for more detail.

  • After consulting with your internal security team, and the ensure Confluence application is on the allow list of the security scanner.
  • Restart Confluence



Last modified on Apr 22, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.