Hibernate 5.2 to 5.4 upgrade contains breaking changes

Hi devs!

I’m Javan and I’m one of the developers for Confluence Server.

We plan to upgrade Hibernate from 5.2 to 5.4 in Confluence 7.14. This upgrade may break some apps that rely on deprecated features in Hibernate.

What is changing?

In our effort to fix security issues in Confluence, we’re upgrading the included Hibernate bundle library from 5.2 to 5.4. This includes a few breaking changes like removing deprecated features/interfaces.

Some notable major features that have been removed are:

  • Support for JDBC parameterised queries. Classes that implement HibernateContentQueryFactory should be verified to assure that named parameters are used instead.
  • RegionAccessStrategy and other access strategy interfaces have been replaced.

Why is it changing?

We take the security of Confluence seriously and focus on keeping third party code up to date.

What do I need to do?

In order to maintain compatibility with Confluence 7.14, please assure that your app is compatible with Hibernate 5.4. A large number of deprecated components have been removed in this release and may cause your app to break if not prepared for the change.

Please refer to the Hibernate documentation for official change logs and migration guides:

By when do I need to do it?

We are targeting the Confluence 7.14 release to upgrade the Hibernate to 5.4. Currently, 7.14 is expected to release on June 8th, 2021.

4 Likes

Hi @Javan,

are you referring to HibernateContentQueryFactory? There’s apparently no HibernateConte_x_tQueryFactory in Confluence.
Just wanted to clarify before everyone does a bitbucket search for the latter and can’t find anything in their repos :slight_smile:

2 Likes

Hi @jens,
Thanks for the catch! I’ve corrected the post and relevant documentation :slight_smile:

1 Like

Thanks for the information!

We do use the HibernateContentQueryFactory in our app to search custom content entities.

Will there be an alternative and a backport for older Confluence versions?

@ppasler

HibernateContentQueryFactory isn’t being removed, instead, support for JDBC parameterised queries is being removed. Since this factory is one of the main interfaces used to provide and execute custom queries to Hibernate, it’s recommended to check your usages to make sure you are using named parameters. Using the factory itself is fine!

Hope this helps!

Ah I see, thanks! So with your expertise, is this going to break?

...
public class FindAllInTopicHibernateQueryFactory implements HibernateContentQueryFactory {
...
	@Override
	public Query getQuery(final EntityManager entityManager, final Object... parameters) throws PersistenceException {
		return entityManager.createQuery("SELECT content" +
				" FROM  CustomContentEntityObject content" +
				" JOIN content.labellings labellings" +
				" WHERE content.pluginModuleKey = :moduleKey" +
				" AND content.originalVersion is null" +
				...
				" ORDER BY content.creationDate desc")
				.setParameter("moduleKey", MicroPostContentEntityAdapter.PLUGIN_CONTENT_KEY)
				...;
	}
}

@Javan, I think a snippet of code to illustrate the removed (and suggested replacement) queries would be useful. Could you paste a few snippets in here?

Thanks.

3 Likes

@ppasler

Should be fine :slight_smile:

However, I highly recommend looking at the Hibernate migration guides as while this is one of the most notable changes, it’s not the only change that requires attention as part of the upgrade.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.