Bug 1273147

Summary: [GSS] (6.4.z) ISPN-5876 - Pre-commit cache invalidation creates stale cache vulnerability
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Stephen Fikes <sfikes>
Component: InfinispanAssignee: Enrique Gonzalez Martinez <egonzale>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Simka <msimka>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1.1CC: bmaxwell, cdewolf, dpospisi, egonzale, galder.zamarreno, jawilson, msimka, sfikes, sjacobs, ttarrant
Target Milestone: CR1   
Target Release: EAP 6.4.7   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1279982 (view as bug list) Environment:
Last Closed: 2017-01-17 11:54:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1279552, 1279982, 1290879    

Description Stephen Fikes 2015-10-19 18:32:51 UTC 
Description of problem:
https://issues.jboss.org/browse/ISPN-5876

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 JBoss JIRA Server 2015-10-23 11:24:11 UTC 
Galder ZamarreƱo <galder.zamarreno> updated the status of jira ISPN-5876 to Coding In Progress
Comment 2 Enrique Gonzalez Martinez 2015-10-26 10:06:31 UTC 
upstream PR: 
    https://github.com/infinispan/infinispan/pull/3778

6.4.z -> 5.2.x branch backport: 
    https://github.com/infinispan/infinispan/pull/3777

This requires an infinispan upgrade.
Comment 3 Enrique Gonzalez Martinez 2015-11-03 07:32:21 UTC 
Merged:

commit upstream: 
https://github.com/infinispan/infinispan/commit/63317deb1920aa87c585c756b3cba396ef670e57

commit 6.4.z - 5.2.x :
https://github.com/infinispan/infinispan/commit/4f9556ca8d9c8c136be721de778e7a277c7d7b59
Comment 7 Enrique Gonzalez Martinez 2016-02-03 08:53:22 UTC 

PR: https://github.com/infinispan/infinispan/pull/3980
no upstream required
Comment 8 Enrique Gonzalez Martinez 2016-02-08 09:29:53 UTC 
merged 5.2.x branch infinispan, 6,4,z stream

https://github.com/infinispan/infinispan/commit/ae675c8959356ef9e4dc50d4a64525b8b7159168
Comment 12 Martin Simka 2016-03-15 14:41:49 UTC 
verified with EAP 6.4.7.CP.CR2

this fix is enabled by setting system property infinispan.invalidation.on_commit to true
Comment 13 Petr Penicka 2017-01-17 11:54:31 UTC 
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.