You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Aleksei Zotov (Jira)" <ji...@apache.org> on 2021/09/11 19:59:00 UTC
[jira] [Comment Edited] (CASSANDRA-15153) Ensure Caffeine cache
does not return stale entries
[ https://issues.apache.org/jira/browse/CASSANDRA-15153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17413598#comment-17413598 ]
Aleksei Zotov edited comment on CASSANDRA-15153 at 9/11/21, 7:58 PM:
---------------------------------------------------------------------
[~mck] [~brandon.williams]
Thanks for the feedback! I made the changes and here is the summary:
||Branch||Comment||Changes||Source Code||
|3.0|It turned out that 3.0 does not use Caffeine. No changes are required.|No|N/A |
|3.11|{{AuthCache}} uses {{com.google.common.cache.CacheBuilder}} instead {{com.github.benmanes.caffeine.cache.Caffeine}}. I ported the corresponding test only and it passes. |Added a unit test| [https://github.com/alex-ninja/cassandra/tree/cassandra-15153-3.11_caffeine]|
| 4.0|Usage of 2.5.6 version fixes the issue. The corresponding test passes.|Added a unit test and updated _Caffeine_ version to 2.5.6| [https://github.com/alex-ninja/cassandra/tree/cassandra-15153-4.0_caffeine]|
| trunk|It is impossible to use 3.0.3 version because it is not compatible with Java 8 ([release notes|https://github.com/ben-manes/caffeine/releases/tag/v3.0.0]). Therefore, 2.9.2 is used. |Added a unit test and updated _Caffeine_ version to 2.9.2| [https://github.com/alex-ninja/cassandra/tree/cassandra-15153-trunk_caffeine]|
Could you please review and (if there are no remarks) start the CI.
PS:
If you think that it makes sense to keep versions aligned and stick to 2.5.6 in both 4.0 and trunk, I'm good with that (the patches are interchangeable). My personal attitude it to stick to the newer version for trunk because it may contain bug fixes for issues we have not yet discovered.
was (Author: azotcsit):
[~mck] [~brandon.williams]
Thanks for the feedback! I made the changes and here is the summary:
||Branch||Comment||Changes||Source Code||
|3.0|It turned out that 3.0 does not use Caffeine. No changes are required.|No|N/A |
|3.11|{{AuthCache}} uses {{com.google.common.cache.CacheBuilder}} instead {{com.github.benmanes.caffeine.cache.Caffeine}}. I ported the corresponding test only and it passes. |Added a unit test| https://github.com/alex-ninja/cassandra/tree/cassandra-15153-3.11_caffeine|
| 4.0| Using 2.5.6 version fixes the issue. The corresponding test passes.|Added a unit test and updated _Caffeine_ version to 2.5.6| https://github.com/alex-ninja/cassandra/tree/cassandra-15153-4.0_caffeine|
| trunk|It is impossible to use 3.0.3 version because it is not compatible with Java 8 ([release notes|https://github.com/ben-manes/caffeine/releases/tag/v3.0.0]). Therefore, 2.9.2 is used. |Added a unit test and updated _Caffeine_ version to 2.9.2| https://github.com/alex-ninja/cassandra/tree/cassandra-15153-trunk_caffeine|
Could you please review and (if there are no remarks) start the CI.
PS:
If you think that it makes sense to keep versions aligned and stick to 2.5.6 in both 4.0 and trunk, I'm good with that (the patches are interchangeable). My personal attitude it to stick to the newer version for trunk because it may contain bug fixes for issues we have not yet discovered.
> Ensure Caffeine cache does not return stale entries
> ---------------------------------------------------
>
> Key: CASSANDRA-15153
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15153
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
> Reporter: Per Otterström
> Assignee: Aleksei Zotov
> Priority: Normal
> Labels: security
>
> Version 2.3.5 of the Caffeine cache that we're using in various places can hand out stale entries in some cases. This seem to happen when an update fails repeatedly, in which case Caffeine may return a previously loaded value. For instance, the AuthCache may hand out permissions even though the reload operation is failing, see CASSANDRA-15041.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org