From issues-return-25156-apmail-struts-issues-archive=struts.apache.org@struts.apache.org Thu Jan 22 16:18:34 2015 Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E5082178F6 for ; Thu, 22 Jan 2015 16:18:34 +0000 (UTC) Received: (qmail 44081 invoked by uid 500); 22 Jan 2015 16:18:34 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 44039 invoked by uid 500); 22 Jan 2015 16:18:34 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 44028 invoked by uid 99); 22 Jan 2015 16:18:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Jan 2015 16:18:34 +0000 Date: Thu, 22 Jan 2015 16:18:34 +0000 (UTC) From: "Lukasz Lenart (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (WW-4451) OgnlRuntime not threadsafe MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287662#comment-14287662 ] Lukasz Lenart commented on WW-4451: ----------------------------------- This can be fixed separately and as a drop-in solution - if you check Ognl page you will notice that Struts2 is using a bit old version ;-) https://github.com/jkuhnert/ognl > OgnlRuntime not threadsafe > -------------------------- > > Key: WW-4451 > URL: https://issues.apache.org/jira/browse/WW-4451 > Project: Struts 2 > Issue Type: Bug > Components: Value Stack > Affects Versions: 2.3.21 > Reporter: Jasper Rosenberg > Priority: Critical > Fix For: 2.3.22 > > > Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl 4.0 actually addresses this by using a ConcurrentHashMap. > Twice in the last couple of years we have had a server die shortly after startup because of this issue. > Simplest fix is to just replace the uses of IntHashMap with ConcurrentHashMap (assuming ognl doesn't have to support java 4) > Alternatively, you could probably get away with the same solution used to protect uses of cacheSetMethod (though it isn't strictly correct since someone could still be calling get on cacheSetMethod in parallel to a put and get the wrong result). -- This message was sent by Atlassian JIRA (v6.3.4#6332)