[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287662#comment-14287662 ]
Lukasz Lenart commented on WW-4451: ----------------------------------- This can be fixed separately and as a drop-in solution - if you check Ognl page you will notice that Struts2 is using a bit old version ;-) https://github.com/jkuhnert/ognl > OgnlRuntime not threadsafe > -------------------------- > > Key: WW-4451 > URL: https://issues.apache.org/jira/browse/WW-4451 > Project: Struts 2 > Issue Type: Bug > Components: Value Stack > Affects Versions: 2.3.21 > Reporter: Jasper Rosenberg > Priority: Critical > Fix For: 2.3.22 > > > Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl > 4.0 actually addresses this by using a ConcurrentHashMap. > Twice in the last couple of years we have had a server die shortly after > startup because of this issue. > Simplest fix is to just replace the uses of IntHashMap with > ConcurrentHashMap<Integer, Boolean> (assuming ognl doesn't have to support > java 4) > Alternatively, you could probably get away with the same solution used to > protect uses of cacheSetMethod (though it isn't strictly correct since > someone could still be calling get on cacheSetMethod in parallel to a put and > get the wrong result). -- This message was sent by Atlassian JIRA (v6.3.4#6332)