[jira] [Commented] (CASSANDRA-15153) Ensure Caffeine cache does not return stale entries

Sat, 11 Sep 2021 12:59:05 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-15153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17413598#comment-17413598
 ] 

Aleksei Zotov commented on CASSANDRA-15153:
-------------------------------------------

[~mck] [~brandon.williams]

Thanks for the feedback! I made the changes and here is the summary:
||Branch||Comment||Changes||Source Code||
|3.0|It turned out that 3.0 does not use Caffeine. No changes are 
required.|No|N/A |
|3.11|{{AuthCache}} uses {{com.google.common.cache.CacheBuilder}} instead 
{{com.github.benmanes.caffeine.cache.Caffeine}}. I ported the corresponding 
test only and it passes. |Added a unit test| 
https://github.com/alex-ninja/cassandra/tree/cassandra-15153-3.11_caffeine|
| 4.0| Using 2.5.6 version fixes the issue. The corresponding test 
passes.|Added a unit test and updated _Caffeine_ version to 2.5.6| 
https://github.com/alex-ninja/cassandra/tree/cassandra-15153-4.0_caffeine|
| trunk|It is impossible to use 3.0.3 version because it is not compatible with 
Java 8 ([release 
notes|https://github.com/ben-manes/caffeine/releases/tag/v3.0.0]). Therefore, 
2.9.2 is used. |Added a unit test and updated _Caffeine_ version to 2.9.2| 
https://github.com/alex-ninja/cassandra/tree/cassandra-15153-trunk_caffeine|

 

Could you please review and (if there are no remarks) start the CI.

 

PS:

If you think that it makes sense to keep versions aligned and stick to 2.5.6 in 
both 4.0 and trunk, I'm good with that (the patches are interchangeable). My 
personal attitude it to stick to the newer version for trunk because it may 
contain bug fixes for issues we have not yet discovered.

 

> Ensure Caffeine cache does not return stale entries
> ---------------------------------------------------
>
>                 Key: CASSANDRA-15153
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15153
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Per Otterström
>            Assignee: Aleksei Zotov
>            Priority: Normal
>              Labels: security
>
> Version 2.3.5 of the Caffeine cache that we're using in various places can 
> hand out stale entries in some cases. This seem to happen when an update 
> fails repeatedly, in which case Caffeine may return a previously loaded 
> value. For instance, the AuthCache may hand out permissions even though the 
> reload operation is failing, see CASSANDRA-15041.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to