[CASSANDRA-15153] Ensure Caffeine cache does not return stale entries - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.0.2, 4.1-alpha1, 4.1
Component/s: Feature/Authorization
Labels:
- security

Bug Category:
Security - Privilege Escalation
Severity:
Low
Complexity:
Low Hanging Fruit
Discovered By:
Unit Test
Platform:

All
Impacts:

Security
Since Version:

4.0-alpha
Source Control Link:

https://github.com/apache/cassandra/commit/b3af67f0ee950bed75593e0e6ce27547375f4096
Test and Documentation Plan:

Hide

A unit test was added. No documentation changes are required.

Show
A unit test was added. No documentation changes are required.

Description

Version 2.3.5 of the Caffeine cache that we're using in various places can hand out stale entries in some cases. This seem to happen when an update fails repeatedly, in which case Caffeine may return a previously loaded value. For instance, the AuthCache may hand out permissions even though the reload operation is failing, see ~~CASSANDRA-15041~~.

Attachments

Issue Links

causes

CASSANDRA-18002 Update NetBeans project file for dependency changes since 7th July 2021

Resolved

is related to

CASSANDRA-15041 UncheckedExecutionException if authentication/authorization query fails

Resolved

Activity

People

Assignee:: Aleksei Zotov

Reporter:: Per Otterström

Authors:: Aleksei Zotov

Reviewers:: Brandon Williams, Michael Semb Wever

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 10/Jun/19 13:12

Updated:: 01/Nov/22 20:09

Resolved:: 17/Sep/21 13:55