[
https://issues.apache.org/jira/browse/LANG-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory resolved LANG-1794.
-----------------------------------
Fix Version/s: 3.20.1
Resolution: Fixed
[~zhongxin]
I merged the PR. Thank you. Please verify git master and/or a snapshot build
from https://repository.apache.org/content/repositories/snapshots/
> JavaDoc for RandomUtils.secure() incorrectly mentions
> securerandom.strongAlgorithms
> -----------------------------------------------------------------------------------
>
> Key: LANG-1794
> URL: https://issues.apache.org/jira/browse/LANG-1794
> Project: Commons Lang
> Issue Type: Bug
> Components: lang.*
> Affects Versions: 3.20.0
> Reporter: Zhongxin Yan
> Assignee: Gary D. Gregory
> Priority: Major
> Fix For: 3.20.1
>
> Attachments: image-2025-11-26-23-02-17-321.png,
> image-2025-11-26-23-02-35-854.png
>
>
> The current JavaDoc for RandomUtils.secure() states that it “uses an
> algorithms/providers specified in the securerandom.strongAlgorithms Security
> property.” This is misleading. [~ggregory]
> In reality:
> # RandomUtils.secure() uses new SecureRandom() and does not consult the
> securerandom.strongAlgorithms property.
> # The securerandom.strongAlgorithms property is only used by
> RandomUtils.secureStrong(), which internally calls
> SecureRandom.getInstanceStrong() to select a strong algorithm from the
> configured security providers
> {{{}({}}}[Github PR)|https://github.com/apache/commons-lang/pull/1503]
> !image-2025-11-26-23-02-35-854.png|width=562,height=208!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
