000012144 - FIM - Log4j memory leak

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012144
Applies ToFederated Identity Management Module 3.1.2
Federated Identity Management Module 4.1
IssueFIM - Log4j memory leak
It was reported that there was a memory leak associated with FIMs use of log4j.  This was caused by stranded references in hash table from improper use of NDC (Nested Diagnostic Classes) log4j class.
Cause

The org.apache.log4j.NDC logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/NDC.html) class is holding references to a lot of dead threads in Hashtable. NDC uses the current thread as key in this hashtable and a Stack as value. Elements are only removed from this hashtable trough the public call remove()

NDC use can lead to memory leaks if you do not periodically call the NDC.remove() method. The current NDC implementation maintains a static hard link to the thread for which it is storing context. So, when the thread is released by its creator, the NDC maintains the link and the thread (and its related memory) is not released and garbage collected like one might expect. NDC.remove() fixes this by periodically checking the threads referenced by NDC and releasing the references of "dead" threads.

ResolutionThis problem has been resolved in hotfix 3.1.2.11 for FIM 3.1.2  Please contact RSA Customer Support and request this hotfix. These hotfixes are not cumulative, therefore all prior hotfixes must be installed before applying this hotfix.
This problem has been resolved in hotfix 4.1.0.21 for FIM 4.1  Please contact RSA Customer Support and request this hotfix. These hotfixes are cumulative.
Legacy Article IDa48006

Attachments

    Outcomes