Osworkflow not working with jira 8.18.0

We have a plugin in jira using osworkflow to define our own custom workflow. Our plugin works within jira and when i try to initialize workflow, We are getting this error in jira.log.

Caesium-1-3 ERROR ServiceRunner
[c.a.jira.workflow.DefaultOSWorkflowConfigurator] Rejecting usage of unsafe workflow function/class: com.service.workflow.condition.PermissionCondition . You can enable usage of this class by adding com.atlassian.jira.security.LegacyJiraTypeResolver.WARN_ONLY.enabled dark feature flag to Jira. Do it only if you are sure its known and secure case. It will make Jira vulnerablefor potential attacks.

and we are getting below exception

[INFO] [talledLocalContainer] com.opensymphony.workflow.WorkflowException: Could not load condition [INFO] [talledLocalContainer] at com.opensymphony.workflow.AbstractWorkflow.passesCondition(AbstractWorkflow.java:1045) [INFO] [talledLocalContainer] at com.opensymphony.workflow.AbstractWorkflow.passesConditions(AbstractWorkflow.java:1083) [INFO] [talledLocalContainer] at com.opensymphony.workflow.AbstractWorkflow.passesConditions(AbstractWorkflow.java:1107) [INFO] [talledLocalContainer] at com.opensymphony.workflow.AbstractWorkflow.canInitialize(AbstractWorkflow.java:862) [INFO] [talledLocalContainer] at com.opensymphony.workflow.AbstractWorkflow.initialize(AbstractWorkflow.java:598)

our osworkflow.xml file looks like

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE workflow PUBLIC "-//OpenSymphony Group//DTD OSWorkflow 2.8//EN" "http://www.opensymphony.com/osworkflow/workflow_2_8.dtd">
<workflow>
    <initial-actions>
        <action id="1" name="Distribute">
            <meta name="addon.i18n.submit">com.form.distribute</meta>
            <meta name="addon.i18n.title">com.form.distribute</meta>
            <meta name="addon.description">com.form.distribute</meta>
            <meta name="addon.dist.status.id">1</meta>
            <meta name="addon.dist.user.status.id">1</meta>
            <restrict-to>
                <conditions>
                    <condition type="class">
                        <arg name="permission">HAS_DISTRIBUTION_PERMISSION</arg>
                        <arg name="class.name">com.service.workflow.condition.PermissionCondition</arg>
                    </condition>
                </conditions>
            </restrict-to>
            <results>
                <unconditional-result old-status="null" status="Open"
                    step="1">
                    <post-functions>
                        <function type="class">
                            <arg name="class.name">com.service.workflow.function.form.DistributeForm</arg>
                        </function>
                        <function type="class">
                            <arg name="class.name">com.service.workflow.function.form.AssignToReviewer</arg>
                        </function>
                        <function type="class">
                            <arg name="class.name">com.service.workflow.function.form.SendFormActionMail</arg>
                            <arg name="mail.action">1</arg>
                        </function>
                    </post-functions>
                </unconditional-result>
            </results>
        </action>
    </initial-actions>
    <common-actions>
    <action id="21" name="Distribution Close">
            <meta name="addon.i18n.submit">com.form.distribution.user.close</meta>
            <meta name="addon.i18n.title">com.form.distribution.user.close</meta>
            <meta name="addon.description">com.form.response.close.confirmation.message</meta>
            <meta name="addon.user.action">false</meta>         
            <results>
                <unconditional-result old-status="Open" status="close" step="-1">
                    <post-functions>
                        <function type="class">
                            <arg name="class.name">com.service.workflow.function.form.DistributionUserClose</arg>
                            <arg name="status">3</arg>
                        </function>
                        
                    </post-functions>
                </unconditional-result>
            </results>
        </action>
    </common-actions>
    <steps>
        <step id="1" name="Open">
            <actions>
                <common-action id="21" />
                <common-action id="22" />
                <common-action id="5" />
                <common-action id="2" />                
            </actions>
        </step>
        <step id="3" name="Re-Opened">
            <actions>
                <common-action id="5" />
                <common-action id="2" />
                <common-action id="21" />
                <common-action id="22" />               
            </actions>
        </step>
    </steps>
</workflow>

More information related to issue

  1. We are using osworkflow-2.9.0-atlassian-1.jar
  2. It was working for all versions of jira prior to jira 8.18.0 and failing on 8.18.x. Is there any specific change related to this in jira 8.18.0 ?

Also when I add com.atlassian.jira.security.LegacyJiraTypeResolver.WARN_ONLY.enabled dark feature flag to Jira. It works !! Is it possible to achieve this by making changes in code so customer don’t need to enable this dark feature?