Bug 51494

Critical

GemStone/S 64 Bit

3.7.4.1, 3.7.2, 3.7.1, 3.7

Password/login control features may cause repository corruption in 3.7.x

If the SymbolGem is committing new symbols concurrently with a login as an application UserProfile that has certain password security features enabled, the repository can be corrupted. The corruption takes this form: other Gems commit references to oops that the SymbolGem handed out for new symbols, but the SymbolGem's own commit fails, so those oops may end up not existing, or may later be reused for unrelated objects.

The circumstances that expose this bug are the password/login control features that update a UserProfile's security data on login, to record the last login time or the disabled state of the UserProfile. The special system users (SystemUser, SymbolUser, GcUser, DataCurator, Nameless, and HostAgentUser) are not subject to password control and do not write to security data on login, so logins as special UserProfiles do not trigger this bug.

The following are the conditions that cause risk:

- an application user login hits the limit specified by its UserProfile's
     loginsAllowedBeforeExpiration, and passwordNeverExpires is false.
- passwordAgeLimit is set to a nonzero value for a UserProfile or AllUsers,
     and an application user login either succeeds or fails due to the age limit.
- passwordAgeWarning is set to a nonzero value for a UserProfile or AllUsers,
     and an application user login succeeds.
- staleAccountAgeLimit is set to a nonzero value for a UserProfile or AllUsers,
     and an application user login either succeeds or fails due to the age limit.
- the Stone configuration parameters STN_DISABLE_LOGIN_FAILURE_LIMIT
     and STN_DISABLE_LOGIN_FAILURE_TIME_LIMIT are set, and an application
     user login fails the specified number of times within the specified time limit.
     Note that these parameters are enabled by default, to 15 login failures within
     15 minutes, so a default installation is exposed by this condition alone.

Note that versions 3.6.x, 3.5.x, and earlier versions are not affected.

Workaround

If you are using a 3.7.x version, do not enable the login control features listed above, disable them if they are already in use, and upgrade to 3.7.4.3 as soon as it is available. Note that while the workaround is in place, password ageing, stale-account expiration and login-failure lockout are not enforced, so restore the settings after upgrading.

In the configuration file used by the Stone, set
    STN_DISABLE_LOGIN_FAILURE_LIMIT = 65536;
    STN_DISABLE_LOGIN_FAILURE_TIME_LIMIT = 1440;
These values can also be set at runtime, but runtime changes do not persist over a Stone restart, so the configuration file must be updated as well.

The following script will detect if the affected UserProfile login control features are enabled. It checks only the UserProfile and AllUsers settings, not the STN_DISABLE_LOGIN_FAILURE_* Stone configuration parameters, which must be checked separately:

| affected |
"Collect the names of UserProfiles (and AllUsers) on which any of the risky features is enabled."
affected := Array new.
"Repository-wide settings on AllUsers"
(AllUsers passwordAgeLimit notNil or: [AllUsers passwordAgeWarning notNil
    or: [AllUsers staleAccountAgeLimit notNil]])
        ifTrue: [affected add: 'AllUsers'].
"Per-UserProfile settings; loginsAllowedBeforeExpiration is a per-UserProfile setting only"
affected addAll: ((AllUsers select: [:aUP |
    aUP passwordAgeLimit notNil or: [aUP passwordAgeWarning notNil
      or: [aUP staleAccountAgeLimit notNil or: [aUP loginsAllowedBeforeExpiration notNil]]]]
         ) collect: [:ea | ea userId]).
"An empty Array means none of the UserProfile-level features is in use."
^affected printString
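The following script applies the workaround described above: it turns off the four UserProfile-level features on AllUsers and on every application UserProfile, and raises the two Stone login-failure limits at runtime. It is an added example and is not part of the GemTalk bug note. It assumes that nil is the disabled state for the four settings (the same convention the detection script above relies on), that the corresponding keyword setters accept nil, and that System class>>stoneConfigurationAt:put: is the runtime setter for the STN_DISABLE_LOGIN_FAILURE_* parameters; confirm all three against the System Administration Guide for your release before running it. Run it as SystemUser, or as a UserProfile with the privileges needed to modify other UserProfiles and the Stone configuration. The special system users are skipped because the bug note says they are not subject to password control.

```smalltalk
"Added example, not GemTalk's code. Disables the login-control features named in
 Bug 51494 and raises the Stone login-failure limits at runtime. Assumes nil means
 'off' for the UserProfile settings and that stoneConfigurationAt:put: is the
 runtime setter; verify both for your release."
| specialUsers changed |
specialUsers := #('SystemUser' 'SymbolUser' 'GcUser' 'DataCurator' 'Nameless' 'HostAgentUser').
changed := OrderedCollection new.

"Repository-wide limits on AllUsers; only touch settings that are actually in use."
AllUsers passwordAgeLimit notNil
    ifTrue: [AllUsers passwordAgeLimit: nil. changed add: 'AllUsers passwordAgeLimit'].
AllUsers passwordAgeWarning notNil
    ifTrue: [AllUsers passwordAgeWarning: nil. changed add: 'AllUsers passwordAgeWarning'].
AllUsers staleAccountAgeLimit notNil
    ifTrue: [AllUsers staleAccountAgeLimit: nil. changed add: 'AllUsers staleAccountAgeLimit'].

"Per-UserProfile limits; special system users do not write security data on login
 and are left alone."
AllUsers do: [:aUP |
    (specialUsers includes: aUP userId) ifFalse: [
        aUP passwordAgeLimit notNil
            ifTrue: [aUP passwordAgeLimit: nil. changed add: aUP userId, ' passwordAgeLimit'].
        aUP passwordAgeWarning notNil
            ifTrue: [aUP passwordAgeWarning: nil. changed add: aUP userId, ' passwordAgeWarning'].
        aUP staleAccountAgeLimit notNil
            ifTrue: [aUP staleAccountAgeLimit: nil. changed add: aUP userId, ' staleAccountAgeLimit'].
        aUP loginsAllowedBeforeExpiration notNil
            ifTrue: [aUP loginsAllowedBeforeExpiration: nil.
                     changed add: aUP userId, ' loginsAllowedBeforeExpiration']]].

"Raise the login-failure limits to the values given in the workaround. These runtime
 values are lost on Stone restart, so the same values must also go in the Stone
 configuration file."
System stoneConfigurationAt: #STN_DISABLE_LOGIN_FAILURE_LIMIT put: 65536.
System stoneConfigurationAt: #STN_DISABLE_LOGIN_FAILURE_TIME_LIMIT put: 1440.

"The UserProfile changes are persistent only once committed."
System commitTransaction
    ifFalse: [^'commit failed; abort and rerun'].
^changed printString
```

Rerun the detection script after committing; it should return an empty Array. Record the returned list of changed settings so that they can be restored after upgrading to 3.7.4.3, since the workaround removes password ageing, stale-account expiration and lockout enforcement until then.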

Last updated: 7/16/25