You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a soundness issue in fragile 1.2.x with regards to Sticky and SemiSticky. For the gory details have a look at #26. Unfortunately that fix cannot be done with the current API provided but I don't feel well having a release out there which has a known issue.
I approached the issue in the following way now: there is now a 1.2.2 release which uses 2.0.0 internally but makes SemiSticky an alias to Sticky and implements Sticky by just leaking memory if not dropped on the main thread. This is pretty suboptimal but at least avoids the potential unsafe behavior. To not get the leak one has to lock to 1.2.1.
Here are the recommendations:
upgrade to 2.x. The new API for SemiSticky and Sticky is not significantly worse, but you will have to change a few calls.
if you don't have the time to upgrade but you don't use Sticky or SemiSticky you can just use 1.2.x. It will internally automatically pull in the fragile type from the 2.x release family.
If you are stuck on a 1.2 family, the 1.2.2 release still has a (deprecated) Sticky and SemiSticky type as I could not remove them, but they will now leak memory if they are not dropped on the right thread. If this causes you issues but you do not have time to address the issue, lock yourself to the 1.2.1 version for now.
The text was updated successfully, but these errors were encountered:
There is a soundness issue in fragile 1.2.x with regards to
StickyandSemiSticky. For the gory details have a look at #26. Unfortunately that fix cannot be done with the current API provided but I don't feel well having a release out there which has a known issue.I approached the issue in the following way now: there is now a 1.2.2 release which uses 2.0.0 internally but makes
SemiStickyan alias toStickyand implementsStickyby just leaking memory if not dropped on the main thread. This is pretty suboptimal but at least avoids the potential unsafe behavior. To not get the leak one has to lock to 1.2.1.Here are the recommendations:
SemiStickyandStickyis not significantly worse, but you will have to change a few calls.StickyorSemiStickyyou can just use 1.2.x. It will internally automatically pull in the fragile type from the 2.x release family.If you are stuck on a 1.2 family, the 1.2.2 release still has a (deprecated)
StickyandSemiStickytype as I could not remove them, but they will now leak memory if they are not dropped on the right thread. If this causes you issues but you do not have time to address the issue, lock yourself to the1.2.1version for now.The text was updated successfully, but these errors were encountered: