Hi, I think I've fixed[1] all stream leaks to files or streams opened by classLoader.getResoureAsStream(). I intentionally ignored all streams opened bu UrlConnection, because the issue with the connection pooling has to be researched. I also reopened [2] because the patch is only for slurp(File) and not for slurp(URL) or slurp(InputStream) which should not close the stream.
[1] https://github.com/apache/tomee/pull/44 [2] https://github.com/apache/tomee/pull/40 Svetlin 2016-09-14 10:58 GMT+03:00 Romain Manni-Bucau <[email protected]>: > Tomee is java 7 for 7.x by spec do java 8 is not an option > > On the fixes: ensure to unit test each non trivial fix but you can put all > the "same" category ones in the same pr. Like "ensure streams are closed". > Side note on this particular one: since we pool connections sometimes > closing the stream would break it at runtime so unit testing is mandatory. > > Thanks to have a look to that > > Le 14 sept. 2016 09:48, "Mitia Alexandrov" <[email protected]> a > écrit : > > > Hello, > > I've made several such runs from Idea but mainly for Java 8fy reasons. > > There are also several thousand places where the code may be rewritten > with > > java 8 constructions. > > > > Regards, > > > > Mitia > > > > 2016-09-14 10:35 GMT+03:00 Svetlin Zarev <svetlin.angelov.zarev@gmail. > com > > >: > > > > > Dear TomEE developers, > > > > > > I've been running static code analysis (fortify) against TomEE 7 and > as a > > > result I have a list of more than 8000 potential issues (I hope most of > > > them are false positives). Unfortunately I'm not allowed to share the > > list > > > itself. > > > > > > Either way I'll have to go through that list and review every single > > > report, but it's impractical to open a bug report for every single > issue. > > > > > > So here are my questions: > > > * What would be the best way to handle the situation ? > > > * What's the minimum severity level that's worth reporting ? > > > * Should I open jira tickets for the minot/trivial/bad-practices > issues ? > > > * Should I provide PullRequests for the low priority issues or just for > > the > > > higher priority ones? > > > > > > > > > Kind regards, > > > Svetlin > > > > > >
