Update to Tomcat 9.0.54. This could be a known security bug that is fixed in this version.
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54 Shawn Beard • Sr. Systems Engineer Middleware Engineering [cid:image624605.png@3C243DDD.ADE52D22] 3840 109th Street , Urbandale , IA 50322 Phone: +1-515-564-2528<tel:+1-515-564-2528> Email: sbe...@wrberkley.com<mailto:sbe...@wrberkley.com> Website: https://berkleytechnologyservices.com/ [cid:image990961.jpg@8EA0B6A1.B831013E] Technology Leadership Unleashing Business Potential -----Original Message----- From: Tim K <tim.k.5...@gmail.com> Sent: Monday, October 18, 2021 1:07 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Potential Memory Leak with StandardManager [EXTERNAL] ** CAUTION: External message Running 4 balanced nodes of tomcat 9.0.52 in Linux. While running with production load, memory usage is slowly growing, it does not appear to really drop unless the OS/tomcat is restarted. I did a load test locally with just login actions, did a heap dump, and MAT says: One instance of org.apache.catalina.session.StandardManager loaded by sun.misc.Launcher$AppClassLoader @ 0x9978028 occupies 59,628,760 (57.09%) bytes. The memory is accumulated in one instance of java.util.concurrent.ConcurrentHashMap$Node[], loaded by <system class loader>, which occupies 59,615,224 (57.07%) bytes. My session timeout is set to 15 minutes... I set just a name and userId in the session object in our single application running on these servers. Not sure how else to troubleshoot and/or resolve this from reaching the heap max. Are there settings to change in order to get these sessions removed from heap? Does GC occur out of the box with tomcat or do I need to define that in order for it to happen? Thanks, Tim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.