You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Bruno P. Kinoshita (JIRA)" <ji...@apache.org> on 2019/07/18 06:15:00 UTC
[jira] [Commented] (IMAGING-232) Close resources in
XpmImageParser.java
[ https://issues.apache.org/jira/browse/IMAGING-232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16887663#comment-16887663 ]
Bruno P. Kinoshita commented on IMAGING-232:
--------------------------------------------
Hi [~gopal008], unfortunately I am not able to reproduce this.
You created this issue 6 days ago. The last modification in XpmImageParser is from May 16th this year.
And the line 86 you mentioned appears to be something else: [https://github.com/apache/commons-imaging/blob/e6893414a699a5f2480f2d18dc9bc9e21a0cf15d/src/main/java/org/apache/commons/imaging/formats/xpm/XpmImageParser.java#L86]
That change to use try-with-resources on all the streams was introduced in 2016: [https://github.com/apache/commons-imaging/commit/114cd8507f6bcc26d4b56bd53c88cd17ee31afbf#diff-f295ab2d366c58ffead715f1e97911da]
So I suspect you used an invalid version with your scanner.
Feel free to re-open in case this issue persists and you are able to point what version on master or on the last release tag has the issue. But please be aware that there is a [guideline for issues regarding securities|https://commons.apache.org/security.html]
Bruno
> Close resources in XpmImageParser.java
> --------------------------------------
>
> Key: IMAGING-232
> URL: https://issues.apache.org/jira/browse/IMAGING-232
> Project: Commons Imaging
> Issue Type: Bug
> Components: imaging.common.*
> Affects Versions: 1.0-alpha1
> Reporter: Gopal Rao
> Priority: Minor
>
> We use Veracode as the security tool to scan vulnerabilities in our organization. Veracode raised an issue with improper closing of the buffered reader. The class is XpmImageParser.java. The line number is 86. This refers to the buffered reader. Can you please close this resource ?
> h1.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)