Patch #43668: Serialize address limit checks during email_addresses#create - Redmine

Actions

Copy link

Patch #43668

closed

Serialize address limit checks during email_addresses#create

Added by Holger Just 22 days ago. Updated 5 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Marius BĂLTEANU

Category:

Database

Target version:

6.0.9

Start date:

Due date:

% Done:

Estimated time:

Description

Admins can define a maximum number of additional email addresses for a user.

However, email_addresses#create is prone to race conditions when checking this limit. If there are many parallel requests to create email addresses for a user, the user may be able to create more than allowed since the check may happen before the other addresses are created.

The attached patch fixes this by ensuring that the check and the subsequent address creation happen serially by explicitly locking the connected user in a transaction. The code is a bit manual as we can't use with_lock or lock! here, given that the User model overwrites the lock! method with unrelated functionality.

Files

0001-Serialize-address-limit-checks-during-email_addresse.patch (1.22 KB) 0001-Serialize-address-limit-checks-during-email_addresse.patch

Holger Just, 2026-01-13 12:32

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Patch #43668

Serialize address limit checks during email_addresses#create

Updated by Go MAEDA 9 days ago

Updated by Marius BĂLTEANU 5 days ago

Updated by Marius BĂLTEANU 5 days ago

Updated by Marius BĂLTEANU 5 days ago