[
https://issues.apache.org/jira/browse/WW-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jasper Rosenberg reopened WW-4451:
----------------------------------
This may be resolved, but presumably not for 2.3.22 which still references ognl
3.0.6 right? (as it should due to regression issues)
> OgnlRuntime not threadsafe
> --------------------------
>
> Key: WW-4451
> URL: https://issues.apache.org/jira/browse/WW-4451
> Project: Struts 2
> Issue Type: Bug
> Components: Value Stack
> Affects Versions: 2.3.20
> Reporter: Jasper Rosenberg
> Assignee: Lukasz Lenart
> Priority: Critical
> Fix For: 2.5
>
>
> Access to _methodAccessCache and _methodPermCache is not thread-safe. Ognl
> 4.0 actually addresses this by using a ConcurrentHashMap.
> Twice in the last couple of years we have had a server die shortly after
> startup because of this issue.
> Simplest fix is to just replace the uses of IntHashMap with
> ConcurrentHashMap<Integer, Boolean> (assuming ognl doesn't have to support
> java 4)
> Alternatively, you could probably get away with the same solution used to
> protect uses of cacheSetMethod (though it isn't strictly correct since
> someone could still be calling get on cacheSetMethod in parallel to a put and
> get the wrong result).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
