Not able to upload and/or install the Draw.io plugin in Confluence
Platform Notice: Data Center and Cloud By Request - This article was written for the Atlassian data center platform but may also be useful for Atlassian Cloud customers. If completing instructions in this article would help you, please contact Atlassian Support and mention it.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Failed to install the 'drawio-confluence-plugin-12.4.0.obr' latest Plugin on Confluence
Environment
Confluence Data Center 8.0.0 - 8.9.0
Draw.io Diagrams & Whiteboards - Version 12.4.0 (DC)
Diagnosis
Users are unable to install the latest draw.io plugin on Confluence, I have locally tested the behaviour and not able to replicate the issue,
- Installed Confluence 8.x (latest )
- Download the draw.io Diagrams & Whiteboards Plugin from Marketplace
- Installed using the App Upload option.
- It is failing with below error (only observed into Custome instance)
Could not install the drawio-confluence-plugin-12.4.0.0br file. Verify that the file is correct
To get more information about the error, we have suggested installing the Plugin by placing the .obr file "-Dconfluence.plugins.extra.bundled.locations=<path/for/obr/file>" as suggested on the KB, it has given more information about the exception,
2024-04-29 15:58:40,775 ERROR [Catalina-utility-2] [atlassian.plugin.loaders.ScanningPluginLoader] deployPluginFromUnit Unable to deploy plugin 'null' from 'Unit: /opt/application-data/confluence/install_plugins/drawio-confluence-plugin-12.4.0.obr (1714398903444)'.
2024-04-29 15:58:40,776 ERROR [Catalina-utility-2] [atlassian.plugin.loaders.ScanningPluginLoader] deployPluginFromUnit Because of the following exception:
java.lang.IllegalArgumentException: The artifact URI file:/opt/application-data/confluence/install_plugins/drawio-confluence-plugin-12.4.0.obr is not a valid plugin artifact
at com.atlassian.plugin.DefaultPluginArtifactFactory.create(DefaultPluginArtifactFactory.java:59)
at com.atlassian.plugin.loaders.ScanningPluginLoader.deployPluginFromUnit(ScanningPluginLoader.java:141)
at com.atlassian.plugin.loaders.ScanningPluginLoader.loadAllPlugins(ScanningPluginLoader.java:89)
at com.atlassian.plugin.loaders.PermissionCheckingPluginLoader.loadAllPlugins(PermissionCheckingPluginLoader.java:26)
at com.atlassian.plugin.manager.DefaultPluginManager.lambda$earlyStartup$5(DefaultPluginManager.java:543)
at com.atlassian.plugin.manager.PluginTransactionContext.wrap(PluginTransactionContext.java:63)
at com.atlassian.plugin.manager.DefaultPluginManager.earlyStartup(DefaultPluginManager.java:528)
at com.atlassian.confluence.plugin.ConfluencePluginManager.earlyStartup(ConfluencePluginManager.java:142)
at com.atlassian.confluence.plugin.PluginFrameworkContextListener.contextInitialized(PluginFrameworkContextListener.java:73)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4460)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4914)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:840)
Cause
On further investigation, we have observed there is a difference in the File which is getting downloaded on the Customer instance,
- Original file from Plugin vendor drawio-confluence-plugin-12.4.0.obr = 43Mb
- User instance downloaded: drawio-confluence-plugin-12.4.0.obr = ~15Mb
It is observed that the issue is within the Customer configured network firewall (from Paloalto), as even if we shared the file by renaming or some other source location, it is still downloading the ~15Mb file (shows 100% download)
On further investigation, the "drawio-confluence-plugin-12.4.0.obr" containing the signature seems to be blocked by the Palo Alto network firewall, hence restricting downloading the complete files. Warning observed at network firewall while downloading the installation drawio-confluence-plugin-12.4.0.obr file.
Solution/Workaround
- As a workaround, you can use the lower version obr file ( Plugin version lower than 12.4.0), installation works as expected.
- To mitigate the issue, Request the "Palo Alto" network team to add the exception into the firewall rule for the blocked signatures . As the draw.io team confirmed, it is a false alarm from the network; the file is completely secured.
- Paul Alto Team has confirmed that, "After further review, we have determined the samples the signature was built for to be a false positive and have disabled the signatures (all 16 signature Threat ID's). This will already be updated in Wildfire and in AV in a day"