ben-manes commented on PR #766: URL: https://github.com/apache/struts/pull/766#issuecomment-1762492433
fwiw, this would change from a concurrent cache to a synchronized one. It looks like the original code replaced an unbounded concurrent map. The performance difference may be unacceptable of explain the concern without benchmarks/profiling. Caffeine is very resilient to attacks, like hash flooding and being scan resilient. An independent analysis might be of interest, [An evaluation of cache management policies under workloads with malicious requests](https://ieeexplore.ieee.org/abstract/document/8247467/). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
