This is still an open issue. Useful discussion in the upstream bug. One suggested approach is signing of the cache data upon commit to the database to be verified upon retrieval.