[jboss-jira] [JBoss JIRA] (SECURITY-777) Picketbox uses non-synchronized static maps
Stuart Douglas (JIRA)
issues at jboss.org
Fri Dec 20 05:27:32 EST 2013
[ https://issues.jboss.org/browse/SECURITY-777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12932846#comment-12932846 ]
Stuart Douglas commented on SECURITY-777:
-----------------------------------------
I have attached a patch, that fixes this issue, as well as some other obvious problems I noticed.
> Picketbox uses non-synchronized static maps
> -------------------------------------------
>
> Key: SECURITY-777
> URL: https://issues.jboss.org/browse/SECURITY-777
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: PicketBox_4_0_20.Beta2
> Reporter: Stuart Douglas
> Assignee: Stefan Guilhen
> Attachments: picketlink.diff
>
>
> Picketbox uses quite a few static maps as global registries (yuck), and unfortunately they are not all thread safe, which can result in races as Wildfly starts security domains asynchronously.
> Please see attached patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list