#388 HIGH: Race condition in RBAC ClientKeyManager cache (no thread lock)

closed high Created 2025-12-11 22:21 · Updated 2025-12-12 14:48

Description

Edit

rbac_manager.py:91-135 - ClientKeyManager._cache is plain dict without thread locks. Comment claims LRU is thread-safe but implementation is NOT. Concurrent Bulkhead threads can corrupt cache. Fix: Add threading.Lock.

Comments

Loading comments...

Context

Loading context...

Audit History

View All

Loading audit history...

#388 HIGH: Race condition in RBAC ClientKeyManager cache (no thread lock)

Description

Similar Issues

Comments

Context

Audit History