[jira] [Commented] (WW-4451) OgnlRuntime not threadsafe
[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287680#comment-14287680 ]

Jasper Rosenberg commented on WW-4451:
--------------------------------------

Yeah, I noticed that you have done a couple of intermediate ognl releases. I think we are actually already referencing a newer ognl than the struts default. I'm a bit worried about running into unexpected issues with the 3.0.8 release though since it changed how ognl interpreted property names...

> OgnlRuntime not threadsafe
> --------------------------
>
> Key: WW-4451
> URL: https://issues.apache.org/jira/browse/WW-4451
> Project: Struts 2
> Issue Type: Bug
> Components: Value Stack
> Affects Versions: 2.3.21
> Reporter: Jasper Rosenberg
> Priority: Critical
> Fix For: 2.3.22
>
> Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0 actually addresses this by using a ConcurrentHashMap.
> Twice in the last couple of years we have had a server die shortly after startup because of this issue.
> Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMap (assuming ognl doesn't have to support java 4)
> Alternatively, you could probably get away with the same solution used to protect uses of cacheSetMethod (though it isn't strictly correct since someone could still be calling get on cacheSetMethod in parallel to a put and get the wrong result).

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4451) OgnlRuntime not threadsafe
[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287662#comment-14287662 ]

Lukasz Lenart commented on WW-4451:
-----------------------------------

This can be fixed separately and as a drop-in solution - if you check Ognl page you will notice that Struts2 is using a bit old version ;-)

https://github.com/jkuhnert/ognl
[jira] [Updated] (WW-4451) OgnlRuntime not threadsafe
[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart updated WW-4451:
------------------------------

Fix Version/s: 2.5
[jira] [Updated] (WW-4451) OgnlRuntime not threadsafe
[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart updated WW-4451:
------------------------------

Fix Version/s: (was: 2.5)
               2.3.22
[jira] [Created] (WW-4451) OgnlRuntime not threadsafe
Jasper Rosenberg created WW-4451:
---------------------------------

Summary: OgnlRuntime not threadsafe
Key: WW-4451
URL: https://issues.apache.org/jira/browse/WW-4451
Project: Struts 2
Issue Type: Bug
Components: Value Stack
Affects Versions: 2.3.21
Reporter: Jasper Rosenberg
Priority: Critical

Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0 actually addresses this by using a ConcurrentHashMap.

Twice in the last couple of years we have had a server die shortly after startup because of this issue.

Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMap (assuming ognl doesn't have to support java 4)

Alternatively, you could probably get away with the same solution used to protect uses of cacheSetMethod (though it isn't strictly correct since someone could still be calling get on cacheSetMethod in parallel to a put and get the wrong result).
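
Added example, not part of the JIRA thread and not OGNL's source: a sketch of the "simplest fix" the description names, a per-method decision cache backed by ConcurrentHashMap and exercised from many threads at once. The class name MethodCheckCacheDemo, the helpers isAccessible and computeAccessible, and the "is the method public" check are hypothetical stand-ins, and Java 8 syntax is assumed.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical stand-in for a per-method decision cache; not OGNL's source.
public class MethodCheckCacheDemo {
    // ConcurrentHashMap makes get and put safe against each other, so a
    // reader never sees the table while another thread is modifying it.
    private static final ConcurrentMap<Method, Boolean> ACCESS_CACHE = new ConcurrentHashMap<>();
    private static final AtomicInteger COMPUTED = new AtomicInteger();

    // The check whose result is cached (assumption: "is the method public?").
    private static boolean computeAccessible(Method m) {
        COMPUTED.incrementAndGet();
        return Modifier.isPublic(m.getModifiers());
    }

    static boolean isAccessible(Method m) {
        Boolean cached = ACCESS_CACHE.get(m);          // lock-free read
        if (cached != null) return cached;
        boolean fresh = computeAccessible(m);
        // Racing threads may both compute, but only one value is ever stored.
        Boolean prior = ACCESS_CACHE.putIfAbsent(m, fresh);
        return prior != null ? prior : fresh;
    }

    public static void main(String[] args) throws Exception {
        Method[] methods = String.class.getDeclaredMethods();
        int threads = 16;
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1);
        for (int t = 0; t < threads; t++) {
            pool.submit(() -> {
                start.await();                         // release all workers together
                for (int i = 0; i < 1000; i++)
                    for (Method m : methods) isAccessible(m);
                return null;                           // Callable, so await() may throw
            });
        }
        start.countDown();
        pool.shutdown();
        if (!pool.awaitTermination(30, TimeUnit.SECONDS))
            throw new IllegalStateException("workers did not finish");
        System.out.println("cached=" + ACCESS_CACHE.size() + " of " + methods.length
                + " methods, computed=" + COMPUTED.get() + " times");
    }
}
```

The computed count can exceed the cached count when threads race on a cold entry; that is harmless here because the check is deterministic. The alternative mentioned in the description, synchronizing only the writers, still leaves the unsynchronized get racing with a put.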