[
https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287662#comment-14287662
]
Lukasz Lenart commented on WW-4451:
-----------------------------------
This can be fixed separately and as a drop-in solution - if you check Ognl page
you will notice that Struts2 is using a bit old version ;-)
https://github.com/jkuhnert/ognl
> OgnlRuntime not threadsafe
> --------------------------
>
> Key: WW-4451
> URL: https://issues.apache.org/jira/browse/WW-4451
> Project: Struts 2
> Issue Type: Bug
> Components: Value Stack
> Affects Versions: 2.3.21
> Reporter: Jasper Rosenberg
> Priority: Critical
> Fix For: 2.3.22
>
>
> Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl
> 4.0 actually addresses this by using a ConcurrentHashMap.
> Twice in the last couple of years we have had a server die shortly after
> startup because of this issue.
> Simplest fix is to just replace the uses of IntHashMap with
> ConcurrentHashMap<Integer, Boolean> (assuming ognl doesn't have to support
> java 4)
> Alternatively, you could probably get away with the same solution used to
> protect uses of cacheSetMethod (though it isn't strictly correct since
> someone could still be calling get on cacheSetMethod in parallel to a put and
> get the wrong result).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
