[
https://issues.apache.org/jira/browse/HADOOP-10829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhe Zhang updated HADOOP-10829:
-------------------------------
Fix Version/s: 2.8.3
2.7.4
Thanks for the fix [~benoyantony]. Given this is a security bug fix, I just
backported to branch-2.8 and branch-2.7
> Iteration on CredentialProviderFactory.serviceLoader is thread-unsafe
> ----------------------------------------------------------------------
>
> Key: HADOOP-10829
> URL: https://issues.apache.org/jira/browse/HADOOP-10829
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Labels: BB2015-05-TBR
> Fix For: 2.9.0, 2.7.4, 3.0.0-beta1, 2.8.3
>
> Attachments: HADOOP-10829.003.patch, HADOOP-10829.patch,
> HADOOP-10829.patch
>
>
> CredentialProviderFactory uses _ServiceLoader_ framework to load
> _CredentialProviderFactory_
> {code}
> private static final ServiceLoader<CredentialProviderFactory> serviceLoader
> =
> ServiceLoader.load(CredentialProviderFactory.class);
> {code}
> The _ServiceLoader_ framework does lazy initialization of services which
> makes it thread unsafe. If accessed from multiple threads, it is better to
> synchronize the access.
> Similar synchronization has been done while loading compression codec
> providers via HADOOP-8406.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
