|author||Luca Milanesio <email@example.com>||Tue Jan 12 21:47:15 2021 +0000|
|committer||David Ostrovsky <firstname.lastname@example.org>||Tue Jan 26 13:29:32 2021 +0100|
Avoid creating HTTP Sessions for Git-over-HTTP The Change-Id: Iffcd0fbd7 has involuntarily triggered the creation of a new HTTP Session for every invocation a Git-over-HTTP request. All came from the mistake of tracing the HTTP session instead of the Gerrit session in the audit record. The HTTP Servlet API specs say that any attempt to access the current session of an incoming request would result in the creation of a brand-new session. The session involuntarily created also had an expiry time equal to zero, which prevented the session housekeeper to reclaim them later on, even though they were unused. The consequence of creating an empty session for every Git-over-HTTP request isn't immediately tangible, because the session is empty and doesn't occupy a significant amount of memory. However, longer-term, the in-memory hashtable that records all the sessions, each one using 750 bytes on average, will be causing the overload of the JVM heap and the crash of the process because of lack of available memory. Use the correct Gerrit session-id, retrieving from the Provider<WebSession> the proper session, if active and logged in, and make sure in tests that no HTTP sessions are created as a result of a Git-over-http request. Bug: Issue 13858 Change-Id: I8c086fed54b196c3f46fa88ac78c127784524d30
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recursive https://gerrit.googlesource.com/gerrit cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update & apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 7 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-centos7[:version]
To run a Ubuntu 15.04 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-ubuntu15.04[:version]
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.