Jasper Rosenberg created WW-4451: ------------------------------------ Summary: OgnlRuntime not threadsafe Key: WW-4451 URL: https://issues.apache.org/jira/browse/WW-4451 Project: Struts 2 Issue Type: Bug Components: Value Stack Affects Versions: 2.3.21 Reporter: Jasper Rosenberg Priority: Critical
Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0 actually addresses this by using a ConcurrentHashMap. Twice in the last couple of years we have had a server die shortly after startup because of this issue. Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMap<Integer, Boolean> (assuming ognl doesn't have to support java 4) Alternatively, you could probably get away with the same solution used to protect uses of cacheSetMethod (though it isn't strictly correct since someone could still be calling get on cacheSetMethod in parallel to a put and get the wrong result). -- This message was sent by Atlassian JIRA (v6.3.4#6332)