Audit finding C3 — theoretical, LOW.
RateLimiter stores retry-after as epoch Dates (self-consistent), but the "limit lifted" observer callback is scheduled via Timer.schedule(task, absoluteDate). A wall-clock step shifts when it fires (continuous profilers resume late), and a backward step silently extends the drop window.
Shares the same java.util.Timer hazard as the tracer (B1) and session-end (B2) timers.
Source: JAVA-557 §C3.
Audit finding C3 — theoretical, LOW.
RateLimiterstores retry-after as epochDates (self-consistent), but the "limit lifted" observer callback is scheduled viaTimer.schedule(task, absoluteDate). A wall-clock step shifts when it fires (continuous profilers resume late), and a backward step silently extends the drop window.Shares the same
java.util.Timerhazard as the tracer (B1) and session-end (B2) timers.Source: JAVA-557 §C3.