Posted to issues@commons.apache.org by "Lijing Lin (JIRA)" <ji...@apache.org> on 2018/10/05 16:00:00 UTC

[jira] [Comment Edited] (CODEC-55) make all "business" method implementations of public API thread safe

    [ https://issues.apache.org/jira/browse/CODEC-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639993#comment-16639993 ] 

Lijing Lin edited comment on CODEC-55 at 10/5/18 3:59 PM:
----------------------------------------------------------

Hi [~datallah] So is the security vulnerability from WhiteSource a false positive? Can you provide further justification? Thanks.

The MEDIUM security warning on commons-codec-1.11.jar says, 
 "_Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields._"


was (Author: lijinglin@us.ibm.com):
[~datallah] So is the security vulnerability from WhiteSource a false positive? Can you provide further justification? Thanks.

The MEDIUM security warning on commons-codec-1.11.jar says, 
"_Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields._"

> make all "business" method implementations of public API thread safe 
> ---------------------------------------------------------------------
>
>                 Key: CODEC-55
>                 URL: https://issues.apache.org/jira/browse/CODEC-55
>             Project: Commons Codec
>          Issue Type: Wish
>            Reporter: Qingtian Wang
>            Priority: Major
>             Fix For: 1.x
>
>         Attachments: CODEC-55-Wrapper-Implementations.patch, concurrentCodecs.diff, concurrentQDiff.diff, urlcodec.patch
>
>
> Maybe most of the implementations are already thread safe. Just such that codec can say so in general...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)