Introduction
The saml plugin is impacted by a thread leak for versions 2.0.2 and 2.0.3. This issue might end up with:
- A
java.lang.OutOfMemoryError: unable to create new native thread
. This specifically has a very high impact in OpenShift platforms as OpenShift enforces a default container PID limit of 1024. - Performance issues in the Controller while accessing to the GUI for example.
To confirm you are impacted by this issue, take a thread dump through $JENKINS_URL/threadDump
, or How to generate a thread dump?. Where we will see dozens, or hundreds of threads like the one below. A new thread is created after each login.
"Timer for org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver@f6fe197" id=384439 (0x5ddb7) state=TIMED_WAITING cpu=0%
- waiting on <0x52d088af> (a java.util.TaskQueue)
- locked <0x52d088af> (a java.util.TaskQueue)
at java.lang.Object.wait(Native Method)
at java.util.TimerThread.mainLoop(Timer.java:552)
at java.util.TimerThread.run(Timer.java:505)
Environment
- saml-plugin - 2.0.2 and 2.0.3
- CloudBees CI (CloudBees Core)
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- CloudBees Jenkins Platform - Client controller
- CloudBees Jenkins Platform - Operations Center
- CloudBees Jenkins Platform - Client controller
- CloudBees Jenkins Platform - Operations Center
- CloudBees Jenkins Platform - Client controller
- CloudBees Jenkins Platform - Operations Center
- CloudBees Jenkins Distribution
- CloudBees Jenkins Enterprise
- Jenkins LTS
Resolution
The issue was tracked as JENKINS-65513.
The solution for this issue is to upgrade the saml plugin to a version equal, or higher than 2.0.5.
0 Comments