DO NOT REPLY [Bug 51509] New: Csrf Prevention Filter`s LruCache is not thread save

bugzilla Thu, 14 Jul 2011 07:54:50 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=51509


             Bug #: 51509
           Summary: Csrf Prevention Filter`s LruCache is not thread save
           Product: Tomcat 6
           Version: 6.0.32
          Platform: PC
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


The LruCache (org.apache.catalina.filters.CsrfPreventionFilter$LruCache) use by
Csrf Prevention Filter is base on LinkedHashMap.

>From the LinkedHashMap Java Doc:
Note that this implementation is not synchronized.
If multiple threads access a linked hash map concurrently, and at least one of
the threads modifies the map structurally, it must be synchronized externally.
...

But the LruCache implementation does not synchronize the access to the map.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

DO NOT REPLY [Bug 51509] New: Csrf Prevention Filter`s LruCache is not thread save

Reply via email to