Getting error "Resource name must end with .vm, .vmd, .css or .xml" after Confluence is upgraded

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


After Confluence is upgraded for fixing CVE-2023-22522, when a user tries to access a page or use a feature provided by third party plugins/app, the page is not able to render and redirects the user to a Page not found or System Error page.


Confluence 7.19.17, 8.4.5, 8.5.4, 8.6.2, 8.7.1


When accessing some Confluence pages, it shows the Page Not Found error or System Error page: 

In atlassian-confluence.log , you may see the following error stack trace: 

2023-12-07 06:20:49,517 ERROR [http-nio-8090-exec-18 url: /display/ABCD, /spaces/viewspace.action, /display/ABCD/Testing, /pages/viewpage.action; user: test] [confluence.util.velocity.VelocityUtils] getRenderedTemplate Error occurred rendering template: theme-press/templates/macros/content-layer.vm
 -- url: /display/ABCD | traceId: 34bba0ef64919054 | userName: Test | page: 12345 | action: viewpage
org.apache.velocity.exception.ResourceNotFoundException: Resource name must end with .vm, .vmd, .css or .xml
	at com.atlassian.confluence.util.velocity.ConfigurableResourceManager.loadResource(
	at com.atlassian.confluence.util.velocity.ConfigurableResourceManager.getResource(
	at org.apache.velocity.runtime.RuntimeInstance.getTemplate(
	at org.apache.velocity.runtime.directive.Parse.render(
	at com.atlassian.confluence.setup.velocity.ProfilingParseDirective.render(
	at org.apache.velocity.runtime.parser.node.ASTDirective.render(
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(
	at org.apache.velocity.Template.merge(
	at org.apache.velocity.Template.merge(
	at com.atlassian.confluence.util.velocity.VelocityUtils.renderTemplateWithoutSwallowingErrors(
	at com.atlassian.confluence.util.velocity.VelocityUtils.renderTemplateWithoutSwallowingErrors(
	at com.atlassian.confluence.util.velocity.VelocityUtils.getRenderedTemplateWithoutSwallowingErrors(
	at com.atlassian.confluence.util.velocity.VelocityUtils.getRenderedTemplate(
	at com.atlassian.confluence.util.velocity.VelocityUtils.getRenderedTemplate(


In recent CVE-2023-22522 fix, Confluence is limited to only able execute file type with .vm, .vmd, .css or .xml.


Atlassian suggest to disable the app/plugins that throwing the error to avoid impact to daily work. 

We encourage strongly to reach out to the plugin/app vendor who provides the feature, in order to update the plugin/app and make it compatible with the Confluence version affected. 

Last modified on Dec 8, 2023

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.