
fix(socket): release lock on client disconnect to prevent deadlock#55

Open
tolgakaratas wants to merge 3 commits into
mainfrom
fix/jsoup-update

Conversation

@tolgakaratas
Contributor

Summary

  • Releases lock when client disconnects without sending transaction (prevents CWE-833 deadlock)
  • Adds null check for controller before unlocking
  • Adds exception handling for edge cases (IllegalStateException, IllegalArgumentException, NullPointerException)
  • Adds fine-level logging for debugging

Changes

  • ServerCommunication.terminateSocket() - now calls unlock() before closing socket

Verification

  • Build passes ✅
  • Tests pass ✅
  • PMD/SpotBugs pass ✅ (empty catch blocks with logging allowed)

Related Alerts

  • Fixes: CWE-833 (Lock Not Released) in code scanning alert
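An added illustration of the lock-release fix this PR describes (example code, not the project's own; the `Controller` class, its `ReentrantLock` and the `Closeable` socket stand-in are hypothetical, since the real ServerCommunication API is not shown on this page). It places the pre-fix and post-fix `terminateSocket()` side by side: the old path closes the socket with the lock still held, the new path unlocks first, null-safe and tolerant of an already-released lock, and closes the socket in `finally` either way.

```java
import java.io.Closeable;
import java.io.IOException;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Level;
import java.util.logging.Logger;

// Illustration of the CWE-833 fix described in the PR. Controller, its lock and the socket are
// hypothetical stand-ins; the project's real ServerCommunication/controller API is not on this page.
public class LockReleaseExample {
    private static final Logger LOG = Logger.getLogger(LockReleaseExample.class.getName());
    /** Hypothetical controller that serialises client transactions with a single lock. */
    static final class Controller {
        private final ReentrantLock lock = new ReentrantLock();
        void lock() { lock.lock(); }
        void unlock() {
            // Fail with one of the exception types the fix catches when the lock is not held.
            if (!lock.isHeldByCurrentThread()) throw new IllegalStateException("lock not held");
            lock.unlock();
        }
        boolean isLocked() { return lock.isLocked(); }
    }
    private final Controller controller;
    private final Closeable socket;
    LockReleaseExample(Controller c, Closeable s) { controller = c; socket = s; }
    /** A client connected: the lock is taken while the server waits for its transaction. */
    void onClientConnected() { controller.lock(); }
    /** Before the fix: closes the socket with the lock still held, so the next client blocks forever. */
    void terminateSocketBefore() throws IOException { socket.close(); }
    /** After the fix: null-safe unlock, tolerant of an already-released lock, then close. */
    void terminateSocket() throws IOException {
        try {
            if (controller != null) {
                controller.unlock();
                LOG.fine("released controller lock on client disconnect");
            }
        } catch (IllegalStateException | IllegalArgumentException | NullPointerException e) {
            LOG.log(Level.FINE, "nothing to unlock on disconnect", e);
        } finally {
            socket.close(); // closed whether or not an unlock was needed
        }
    }
    public static void main(String[] args) throws IOException {
        Controller c = new Controller();
        LockReleaseExample s = new LockReleaseExample(c, () -> { });
        s.onClientConnected();
        s.terminateSocket(); // client disconnected without sending a transaction
        System.out.println("lock still held after disconnect: " + c.isLocked());
    }
}
```

Calling `terminateSocket()` a second time exercises the already-released path: the `IllegalStateException` is logged at fine level and the socket is still closed.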

- Update jsoup to 1.17.2 to fix multiple security vulnerabilities
- Update HtmlTools.java NodeTraversor API usage for jsoup 1.17 compatibility
- Also fix Makefile audit to scan build/ directory only (was reverted)

Fixes: GHSA-m72m-mhq2-9p6c, GHSA-gp7f-rwcx-9369

- Follows least privilege principle per Scorecard Token-Permissions check
- Sets default read-only for all jobs, with write permissions only at job level
- Resolves Code Scanning alert #244
- Add unlock() call in terminateSocket() to release lock when client disconnects
- Add null check for controller before unlocking
- Add exception handling for IllegalStateException, IllegalArgumentException, NullPointerException
- Add fine-level logging for debugging

Fixes CWE-833 (Lock Not Released) vulnerability alert

@github-actions github-actions Bot added ci CI/CD changes build Build system changes java Java source changes plugins Plugin changes docs Documentation dependencies Dependency updates labels Apr 27, 2026