To clarify the issue a bit more: this issue solves an infrequent occurring security bug, best
described by the following comment:
> We have the weirdest thing going on, which is as random and rare
> as it is deadly. Every once in a while, on a blue moon, the user can see
> other person's data on his screen! A simple click on the tree - and he got
> somebody else's data. Then, after more clicks, they disappear.
This occurs really infrequently, but is serious and deadly enough to warrant a new release (1.2.6).
We deduced the root of this problem to be a ThreadLocal (Session#dirtyObjects) that was not
cleaned up at the end of a request, leaving stray data in the thread for another session to pick
up. The ThreadLocal was not cleaned up in very specific circumstances and the session cross
over only happened in rare circumstances.
This issue has been resolved by always cleaning up the thread local and never occurred on our