[jboss-jira] [JBoss JIRA] (SECURITY-845) Classloader leak in JBossCachedAuthenticationManager
Emmanuel Hugonnet (JIRA)
issues at jboss.org
Thu Jun 12 10:32:38 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Hugonnet updated SECURITY-845:
---------------------------------------
Git Pull Request: https://github.com/picketbox/picketbox/pull/4
> Classloader leak in JBossCachedAuthenticationManager
> ----------------------------------------------------
>
> Key: SECURITY-845
> URL: https://issues.jboss.org/browse/SECURITY-845
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: PicketBox
> Affects Versions: PicketBox_4_0_21.Beta2
> Reporter: Emmanuel Hugonnet
> Assignee: Emmanuel Hugonnet
>
> The problematic piece of code is the domainCache member variable which in the DomainInfo value holds a LoginContext instance. This LoginContext has member contextClassLoader which causes the leak. (It points to the ModuleClassLoader of the deployment).
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list