Steps to Reproduce

load any zul page (with wpdcache enabled)
after the request take a heap dump and check the cached wpd instances
especially the cached AbstractExtendletMethodInfo objects

Current Result

some of the MethodInfo instances hold references to old Request/Response objects

The next request to those resources will override these cached method arguments with the next Request/Response object.

1) This may either lead to a race condition where requests from 2 users with different locales access the same resource, getting the incorrect resource served.
2) for the time the Request/Response objects are stored this prevents garbage collection

this may lea

Expected Result

No user specific information cached in a shared resource cache

Debug Info

wpd files with specific taglib functions are affected
e.g.:

zul.lang.wpd : https://github.com/zkoss/zk/blob/v8.6.1/zul/src/archive/web/js/zul/lang/zk.wpd#L15-L16
zk.wpd : https://github.com/zkoss/zk/blob/v8.6.1/zk/src/archive/web/js/zk/zk.wpd#L63-L64

Root Cause

here the code replacing the method arguments in the shared MethodInfo object without cleaning up
https://github.com/zkoss/zk/blob/v8.6.1/zk/src/org/zkoss/zk/ui/http/AbstractExtendlet.java#L129-L140

Copying the array mi.arguments before filling the request/response details will prevent the race condition and temporary memory leak.

final Object[] args = mi.arguments.clone();

Workaround