Issue with bamboo api calls

ewsscm January 21, 2021

When we are trying to make api calls to bamboo we get the following response


curl -k 'https://bambooxxxxxxx/rest/api/latest/deploy/project/all' -u username:password


<title>Internal server error</title>
<meta name="decorator" content="install" />

<h1>Internal server error</h1>

<h4>Go to...</h4>
<li><a href="/">Site homepage</a></li>
A system error has occurred - our apologies!
Please create a problem report on our <b>support system</b> at <a href=""></a> with the following information:
<ol class="standard">
<li>a description of your problem and what you were doing at the time it occurred
<li>cut &amp; paste the error and system information found below
<li>attach the <strong>atlassian-bamboo.log</strong> log file found in your application home.
We will respond as promptly as possible.<br/>Thank you!

<b>Version:</b> 6.9.1<br>
<b>Build:</b> 60910<br>
<b>Build Date:</b> 04 Jun 2019

<h4>Request information:</h4>
<ul class="standard">
<li>Request URL: https://bambooxxxxxx/500.action</li>
<li>Scheme: https</li>
<li>Port: 443</li>
<li>URI: /500.action</li>
<li>Context path: </li>
<li>Servlet path: /500.action</li>
<li>Path info: </li>
<li>Query string: </li>

<b>Stack Trace:</b>


java.lang.IllegalStateException: XSRF: A mutative operation was attempted on InternalMembership within a non-mutative HTTP request: https://bambooxxxxx/rest/api/latest/deploy/ : [null]-&gt;
-&gt;[[386695185, 328237456, GROUP_USER, GROUP, KeyLight_Access, keylight_access, , 2021-01-21 11:20:59.162,$HibernateProxy$xJR7flyF@4db106e7[lowerName=crowd repository,description=


1 answer

0 votes
Steffen Opel _Utoolity_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 23, 2021

This seems to be related to an XSRF bug that has by chance just been fixed and published in Bamboo 7.2.2 yesterday:

If you are unable to upgrade to Bamboo 7.2.2 right away, the issue lists two workarounds:

Workaround 1

Use Personal Access Tokens to authenticate with the API instead:

Workaround 2

Login as the user via the UI so that updates are performed. REST calls will now work until theres another change to the user or their group membership.

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events