tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51509] New: Csrf Prevention Filter`s LruCache is not thread save
Date Thu, 14 Jul 2011 14:54:22 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51509

             Bug #: 51509
           Summary: Csrf Prevention Filter`s LruCache is not thread save
           Product: Tomcat 6
           Version: 6.0.32
          Platform: PC
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: ralph.apache@humanfork.de
    Classification: Unclassified


The LruCache (org.apache.catalina.filters.CsrfPreventionFilter$LruCache) use by
Csrf Prevention Filter is base on LinkedHashMap.

>From the LinkedHashMap Java Doc:
Note that this implementation is not synchronized.
If multiple threads access a linked hash map concurrently, and at least one of
the threads modifies the map structurally, it must be synchronized externally.
...

But the LruCache implementation does not synchronize the access to the map.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message