Confluence throws ESAPI Warning message during startup in the catalina file

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

We haven't had any reports of this logging indicative of an issue within Confluence; references to this kind of logging have amounted to more like noise.

Environment

This problem was identified in Confluence server and Data Center version 7.9.1, but it could also affect other versions of Confluence.

Diagnosis

The following is found in catalina.out:

1 2 3 4 5 6 7 8 9 10 2020-12-08 01:12:07,975 INFO [main] [com.atlassian.confluence.lifecycle] contextInitialized Starting Confluence 7.9.1 [build 8505 based on commit hash ff7e2168e6612de568868b1da57f8ff07cb23164] - synchrony version 4.0.0-master-85ceb9cf ... ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set ESAPI: Attempting to load ESAPI.properties via file I/O. ESAPI: Attempting to load ESAPI.properties as resource file via file I/O. ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/confluence1/ESAPI.properties ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties ESAPI: Not found in 'user.home' (/home/confluence1) directory: /home/confluence1/esapi/ESAPI.properties ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException

Cause

Confluence doesn't natively use OWASP Enterprise Security API (ESAPI) by default, so these entries are being logged as a result of using a third-party app. 

Solution

Follow Temporarily disable apps on startup to verify if this is caused by a third-party app. To identify which app is throwing the warnings, you may use the Split-Half Search technique by following the steps below:

  1. After enabling safe mode, enable half apps back, and check the problem.

  2. If the problem remains, then the problem is within the half you enabled. If not, then the app throwing this error is within the half you left disabled

  3. Repeat this process until you identify the problematic app.

Updated on March 11, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community