commons-issues mailing list archives

From "Lijing Lin (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CODEC-55) make all "business" method implementations of public API thread safe
Date Fri, 05 Oct 2018 16:00:00 GMT

    [ https://issues.apache.org/jira/browse/CODEC-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639993#comment-16639993 ]

Lijing Lin edited comment on CODEC-55 at 10/5/18 3:59 PM:
----------------------------------------------------------

Hi [~datallah], so is the security vulnerability from WhiteSource a false positive? Can you provide
further justification? Thanks.

The MEDIUM security warning on commons-codec-1.11.jar says, 
 "_Not all "business" method implementations of public API in Apache Commons Codec 1.x are
thread safe, which might disclose the wrong data or allow an attacker to change non-private
fields._"


was (Author: lijinglin@us.ibm.com):
[~datallah]So is the security vulnerability from WhiteSource false positive? Can you provide
further justification? Thanks.

The MEDIUM security warning on commons-codec-1.11.jar says, 
"_Not all "business" method implementations of public API in Apache Commons Codec 1.x are
thread safe, which might disclose the wrong data or allow an attacker to change non-private
fields._"

> make all "business" method implementations of public API thread safe 
> ---------------------------------------------------------------------
>
>                 Key: CODEC-55
>                 URL: https://issues.apache.org/jira/browse/CODEC-55
>             Project: Commons Codec
>          Issue Type: Wish
>            Reporter: Qingtian Wang
>            Priority: Major
>             Fix For: 1.x
>
>         Attachments: CODEC-55-Wrapper-Implementations.patch, concurrentCodecs.diff, concurrentQDiff.diff, urlcodec.patch
>
>
> Maybe most of the implementations are already thread safe. Just such that codec can say so in general...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
