Static variables in ELUtils cause memory leaks and leaks of resolver cache between applications
Closed this issue · 1 comments
Describe the bug
When Mojarra is used in an application server, its classes are loaded by the app server's classloader and are shared by all deployed applications. This can lead to at least to serious issues:
- Some of the static resolvers store references to the application classloader with soft references. If the application is undeployed from the server, these references can hang in the resolver cache for a long time, even until the heap is full. They don't generate OOM but may block the memory up to the heap size, even though the classloader is not used anymore. Details in this issue: jakartaee/expression-language#214
- Since the resolvers are global and shared by all applications, different applications might clash, and one application could see data from another application. This is purely hypothetical, I didn't find any resolver that would allow that but still, sharing a global variable between multiple applications is not a good practice and is potentially risky
To Reproduce
The memory leak can be reproduced as discussed in jakartaee/expression-language#214
Expected behavior
Each application that is deployed on an application server uses its own set of resolvers. Doesn't share them with other applications.
A fix for the 4.1 version is here: #5462
Should be also backported to 4.0 so that Jakarta EE 10 app servers like GlassFish can include the fix.
I cannot build the current master branch. I assume it's not buildable because it depends on a new snapshot Faces version. So I didn't raise the PR for the master branch.