Jasper Rosenberg created WW-4451:
------------------------------------
Summary: OgnlRuntime not threadsafe
Key: WW-4451
URL: https://issues.apache.org/jira/browse/WW-4451
Project: Struts 2
Issue Type: Bug
Components: Value Stack
Affects Versions: 2.3.21
Reporter: Jasper Rosenberg
Priority: Critical
Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0
actually addresses this by using a ConcurrentHashMap.
Twice in the last couple of years we have had a server die shortly after
startup because of this issue.
Simplest fix is to just replace the uses of IntHashMap with
ConcurrentHashMap<Integer, Boolean> (assuming ognl doesn't have to support java
4)
Alternatively, you could probably get away with the same solution used to
protect uses of cacheSetMethod (though it isn't strictly correct since someone
could still be calling get on cacheSetMethod in parallel to a put and get the
wrong result).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
