This is a follow-on from Bugzilla 46209 - https://issues.apache.org/bugzilla/show_bug.cgi?id=46209.
Findbugs reported several instances of protected static fields that were not final. For example, ConnectionPool: protected static Log log = LogFactory.getLog(ConnectionPool.class); Firstly, does it ever make sense for a log instance to be updated once created? If not, it should be made final to avoid accidents. Secondly, if there is a need to update the log variable, then all access to the log variable needs to be synchronized - which is not ideal when using logging. If a thread creates a new log instance and updates the log variable, there is no guarantee that another thread will ever see the updated value, or if it does, may see a partially created object - unless synchronisation is used. To avoid this happening, the field should be made final. Note that the final qualifier is slightly less important if the field is private, because the defining class has total control over it. However, changes to the log can still cause thread-safety issues. The same applies to all the other such Findbugs reports. Unless non-private static fields really need to be updated, they should be made final to avoid any possible thread-safety issues. And if static fields do need to be updated, then they should be made private and only accessed via synchronised set/get methods, otherwise sub-classes can bypass the synchronisation. [Or of course volatile may be used in some cases, especially for booleans] S/// --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]