[jira] [Updated] (WW-4451) OgnlRuntime not threadsafe
[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jasper Rosenberg updated WW-4451: - Fix Version/s: (was: 2.3.22) 2.5 OgnlRuntime not threadsafe -- Key: WW-4451 URL: https://issues.apache.org/jira/browse/WW-4451 Project: Struts 2 Issue Type: Bug Components: Value Stack Affects Versions: 2.3.20 Reporter: Jasper Rosenberg Assignee: Lukasz Lenart Priority: Critical Fix For: 2.5 Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0 actually addresses this by using a ConcurrentHashMap. Twice in the last couple of years we have had a server die shortly after startup because of this issue. Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMapInteger, Boolean (assuming ognl doesn't have to support java 4) Alternatively, you could probably get away with the same solution used to protect uses of cacheSetMethod (though it isn't strictly correct since someone could still be calling get on cacheSetMethod in parallel to a put and get the wrong result). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4451) OgnlRuntime not threadsafe
[ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4451: -- Fix Version/s: 2.5 OgnlRuntime not threadsafe -- Key: WW-4451 URL: https://issues.apache.org/jira/browse/WW-4451 Project: Struts 2 Issue Type: Bug Components: Value Stack Affects Versions: 2.3.21 Reporter: Jasper Rosenberg Priority: Critical Fix For: 2.3.22 Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0 actually addresses this by using a ConcurrentHashMap. Twice in the last couple of years we have had a server die shortly after startup because of this issue. Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMapInteger, Boolean (assuming ognl doesn't have to support java 4) Alternatively, you could probably get away with the same solution used to protect uses of cacheSetMethod (though it isn't strictly correct since someone could still be calling get on cacheSetMethod in parallel to a put and get the wrong result). -- This message was sent by Atlassian JIRA (v6.3.4#6332)