struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jasper Rosenberg (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4451) OgnlRuntime not threadsafe
Date Thu, 22 Jan 2015 16:32:34 GMT

    [ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287680#comment-14287680
] 

Jasper Rosenberg commented on WW-4451:
--------------------------------------

Yeah, I noticed that you have done a couple of intermediate ognl releases.  I think we are
actually already referencing a newer ognl than the struts default.  I'm a bit worried about
running into unexpected issues with the 3.0.8 release though since it changed how ognl interpreted
property names...

> OgnlRuntime not threadsafe
> --------------------------
>
>                 Key: WW-4451
>                 URL: https://issues.apache.org/jira/browse/WW-4451
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Value Stack
>    Affects Versions: 2.3.21
>            Reporter: Jasper Rosenberg
>            Priority: Critical
>             Fix For: 2.3.22
>
>
> Access to _methodAccessCache and _methodPermCache is not thread-safe.  Ognl 4.0 actually
addresses this by using a ConcurrentHashMap. 
> Twice in the last couple of years we have had a server die shortly after startup because
of this issue.  
> Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMap<Integer,
Boolean> (assuming ognl doesn't have to support java 4)
> Alternatively, you could probably get away with the same solution used to protect uses
of cacheSetMethod (though it isn't strictly correct since someone could still be calling get
on cacheSetMethod in parallel to a put and get the wrong result).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message