[ https://issues.apache.org/jira/browse/WW-5276?focusedWorklogId=840846&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-840846 ]
ASF GitHub Bot logged work on WW-5276:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 22/Jan/23 10:05
            Start Date: 22/Jan/23 10:05
    Worklog Time Spent: 10m
      Work Description: lukaszlenart opened a new pull request, #654:
URL: https://github.com/apache/struts/pull/654

   Fixes [WW-5276](https://issues.apache.org/jira/browse/WW-5276)

Issue Time Tracking
-------------------

            Worklog Id:     (was: 840846)
    Remaining Estimate: 0h
            Time Spent: 10m

> Cleanup method of request is not called
> ---------------------------------------
>
>                 Key: WW-5276
>                 URL: https://issues.apache.org/jira/browse/WW-5276
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 6.1.1
>            Reporter: Mirek Hankus
>            Priority: Major
>             Fix For: 6.2.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> After upgrading to 6.1.1 we have noticed that the cleanup method of a custom
> MultiPartRequest is not called by Struts.
>
> It may be related to
> [https://github.com/apache/struts/commit/69102e907551a87335231656320c8484072bdecb]
>
> as before, the variable "request" was overwritten with the wrapped request and
> cleanup was called in the finally section.
>
> After this commit a new variable called "wrappedRequest" is created, but
> cleanup is called only on the original request, and the new wrappedRequest is
> not cleaned up at all.
>
> Below is the respective code fragment
> {code:java}
>                     HttpServletRequest wrappedRequest = prepare.wrapRequest(request);
>                     ActionMapping mapping = prepare.findActionMapping(wrappedRequest, response, true);
>                     if (mapping == null) {
>                         LOG.trace("Cannot find mapping for {}, passing to other filters", uri);
>                         chain.doFilter(request, response);
>                     } else {
>                         LOG.trace("Found mapping {} for {}", mapping, uri);
>                         execute.executeAction(wrappedRequest, response, mapping);
>                     }
>                 }
>             }
>         } finally {
>             prepare.cleanupRequest(request);
>         }{code}
>
> This bug causes a lot of resource problems, and can result in a denial of
> service condition for the application (or making the application not compliant -
> as sensitive information is not properly discarded).
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
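
The cleanup mismatch described in the report, as an added example that is not part of the original message or of the Struts code base. `Request`, `PlainRequest`, `UploadWrapper` and `cleanupRequest` are hypothetical stand-ins; the type-checking cleanup and the corrected `finally` block are assumptions for illustration, not the change made in pull request #654.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Model of the WW-5276 cleanup mismatch; every type here is a hypothetical stand-in.
public class CleanupDemo {
    interface Request {}
    static class PlainRequest implements Request {}

    // Stand-in for a multipart wrapper that spools an upload to a temp file.
    static class UploadWrapper implements Request {
        final Path spooled;
        UploadWrapper(Request inner) throws IOException {
            spooled = Files.createTempFile("upload-", ".tmp");
        }
        void cleanUp() throws IOException { Files.deleteIfExists(spooled); }
    }

    // Assumption: cleanup acts only on the wrapper type and ignores other requests.
    static void cleanupRequest(Request r) throws IOException {
        if (r instanceof UploadWrapper) ((UploadWrapper) r).cleanUp();
    }

    // Pattern from the report: finally cleans the original, unwrapped request.
    static Path handleAsReported(Request request) throws IOException {
        try {
            UploadWrapper wrapped = new UploadWrapper(request);
            return wrapped.spooled; // the action would run here
        } finally {
            cleanupRequest(request); // no-op, the wrapper keeps its temp file
        }
    }

    // Corrected pattern (assumed): finally cleans the object that owns the resources.
    static Path handleCorrected(Request request) throws IOException {
        Request wrapped = request; // stays unwrapped if wrapping throws
        try {
            wrapped = new UploadWrapper(request);
            return ((UploadWrapper) wrapped).spooled;
        } finally {
            cleanupRequest(wrapped);
        }
    }

    public static void main(String[] args) throws IOException {
        Path leaked = handleAsReported(new PlainRequest());
        Path cleaned = handleCorrected(new PlainRequest());
        System.out.println("as reported, temp file remains: " + Files.exists(leaked));
        System.out.println("corrected, temp file remains:   " + Files.exists(cleaned));
        Files.deleteIfExists(leaked); // remove the file the demo itself leaked
    }
}
```

In the as-reported path every request leaves one spooled file on disk, which is the accumulation of resources and undiscarded upload data that the report ties to denial of service and compliance problems.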