Hibernate 5.2 to 5.4 upgrade contains breaking changes

Javan · April 12, 2021, 1:57am

Hi devs!

I’m Javan and I’m one of the developers for Confluence Server.

We plan to upgrade Hibernate from 5.2 to 5.4 in Confluence 7.14. This upgrade may break some apps that rely on deprecated features in Hibernate.

What is changing?

In our effort to fix security issues in Confluence, we’re upgrading the included Hibernate bundle library from 5.2 to 5.4. This includes a few breaking changes like removing deprecated features/interfaces.

Some notable major features that have been removed are:

Support for JDBC parameterised queries. Classes that implement HibernateContentQueryFactory should be verified to assure that named parameters are used instead.
RegionAccessStrategy and other access strategy interfaces have been replaced.

Why is it changing?

We take the security of Confluence seriously and focus on keeping third party code up to date.

What do I need to do?

In order to maintain compatibility with Confluence 7.14, please assure that your app is compatible with Hibernate 5.4. A large number of deprecated components have been removed in this release and may cause your app to break if not prepared for the change.

Please refer to the Hibernate documentation for official change logs and migration guides:

By when do I need to do it?

We are targeting the Confluence 7.14 release to upgrade the Hibernate to 5.4. Currently, 7.14 is expected to release on June 8th, 2021.

jens · April 12, 2021, 6:49am

Hi @Javan,

are you referring to HibernateContentQueryFactory? There’s apparently no HibernateConte_x_tQueryFactory in Confluence.
Just wanted to clarify before everyone does a bitbucket search for the latter and can’t find anything in their repos

Javan · April 12, 2021, 7:06am

Hi @jens,
Thanks for the catch! I’ve corrected the post and relevant documentation

ppasler · April 12, 2021, 7:26am

Thanks for the information!

We do use the HibernateContentQueryFactory in our app to search custom content entities.

Will there be an alternative and a backport for older Confluence versions?

Javan · April 12, 2021, 7:35am

@ppasler

HibernateContentQueryFactory isn’t being removed, instead, support for JDBC parameterised queries is being removed. Since this factory is one of the main interfaces used to provide and execute custom queries to Hibernate, it’s recommended to check your usages to make sure you are using named parameters. Using the factory itself is fine!

Hope this helps!

ppasler · April 12, 2021, 8:33am

Ah I see, thanks! So with your expertise, is this going to break?

...
public class FindAllInTopicHibernateQueryFactory implements HibernateContentQueryFactory {
...
	@Override
	public Query getQuery(final EntityManager entityManager, final Object... parameters) throws PersistenceException {
		return entityManager.createQuery("SELECT content" +
				" FROM  CustomContentEntityObject content" +
				" JOIN content.labellings labellings" +
				" WHERE content.pluginModuleKey = :moduleKey" +
				" AND content.originalVersion is null" +
				...
				" ORDER BY content.creationDate desc")
				.setParameter("moduleKey", MicroPostContentEntityAdapter.PLUGIN_CONTENT_KEY)
				...;
	}
}

TureHoefner · April 12, 2021, 3:55pm

@Javan, I think a snippet of code to illustrate the removed (and suggested replacement) queries would be useful. Could you paste a few snippets in here?

Thanks.

Javan · April 13, 2021, 3:09am

@ppasler

Should be fine

However, I highly recommend looking at the Hibernate migration guides as while this is one of the most notable changes, it’s not the only change that requires attention as part of the upgrade.

system · May 13, 2021, 3:09am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.