Description:
Summary
The AesGcmEncryption class uses a ThreadLocal to cache encryption handles. In Web container environments (e.g., Tomcat), this leads to ClassLoader Pinning because the Cipher object, loaded by the WebappClassLoader, is strongly referenced by long-lived container threads.
Technical Details
Vulnerable Field: private ThreadLocal cipherWrapper.
Mechanism: When getCipher() is called, a Cipher instance is bound to the current thread's ThreadLocalMap.
The Leak: There is no cipherWrapper.remove() call in the codebase. This creates a reference chain: Thread -> ThreadLocalMap -> Cipher -> WebappClassLoader, preventing the application from being fully undeployed.
Impact
Repeated hot redeployments will cause Metaspace/PermGen exhaustion (OOM), requiring a full JVM restart to recover.
Suggested Fix
- Remove ThreadLocal: Modern JVMs handle Cipher.getInstance() efficiently; caching may not be necessary.
- Explicit Cleanup: If caching is required, implement a cleanup mechanism (e.g., a destroy() method) that invokes cipherWrapper.remove() on active threads.
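
The two suggested fixes side by side, as an added sketch that is not the project's code; the class `ScopedGcmExample` and its method names are hypothetical. `ThreadLocal.remove()` clears only the calling thread's entry, so the cached variant removes it in a `finally` on the thread that did the work.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.concurrent.Callable;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class for illustration; not the project's AesGcmEncryption.
public final class ScopedGcmExample {
    private static final String ALGO = "AES/GCM/NoPadding";
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final ThreadLocal<Cipher> CACHE = new ThreadLocal<>();
    private static final SecureRandom RANDOM = new SecureRandom();

    // Fix 1: no cache. Nothing stays bound to the pooled thread after the call.
    static byte[] encryptNoCache(byte[] key, byte[] plain) throws Exception {
        return seal(Cipher.getInstance(ALGO), key, plain);
    }

    // Fix 2: cache only inside a bounded unit of work (for example one request).
    static byte[] encryptCached(byte[] key, byte[] plain) throws Exception {
        Cipher c = CACHE.get();
        if (c == null) { c = Cipher.getInstance(ALGO); CACHE.set(c); }
        return seal(c, key, plain);
    }

    // remove() affects only the calling thread, so it runs in finally on the worker itself.
    static <T> T withScopedCache(Callable<T> work) throws Exception {
        try { return work.call(); } finally { CACHE.remove(); }
    }

    private static byte[] seal(Cipher c, byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RANDOM.nextBytes(iv); // fresh IV for every message, also when the Cipher is reused
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // constructed demo key
        RANDOM.nextBytes(key);
        byte[] msg = "constructed sample".getBytes("UTF-8");
        System.out.println("no cache: " + encryptNoCache(key, msg).length + " bytes");
        int n = withScopedCache(() -> encryptCached(key, msg).length + encryptCached(key, msg).length);
        System.out.println("scoped cache, two messages: " + n + " bytes");
    }
}
```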