[
https://issues.apache.org/jira/browse/CODEC-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639993#comment-16639993
]
Lijing Lin commented on CODEC-55:
---------------------------------
[~datallah] So is the security vulnerability from WhiteSource a false positive?
Can you provide further justification? Thanks.
The MEDIUM security warning on commons-codec-1.11.jar says,
"_Not all "business" method implementations of public API in Apache Commons
Codec 1.x are thread safe, which might disclose the wrong data or allow an
attacker to change non-private fields._"
> make all "business" method implementations of public API thread safe
> ---------------------------------------------------------------------
>
> Key: CODEC-55
> URL: https://issues.apache.org/jira/browse/CODEC-55
> Project: Commons Codec
> Issue Type: Wish
> Reporter: Qingtian Wang
> Priority: Major
> Fix For: 1.x
>
> Attachments: CODEC-55-Wrapper-Implementations.patch,
> concurrentCodecs.diff, concurrentQDiff.diff, urlcodec.patch
>
>
> Maybe most of the implementations are already thread safe. Just such that
> codec can say so in general...