(camel) branch main updated: Fixes CAMEL-22944<: Box avoid SecureRandom as static variable (#21211)

Mon, 02 Feb 2026 04:09:09 -0800 

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new d52df20498c7 Fixes CAMEL-22944<: Box avoid SecureRandom as static 
variable (#21211)
d52df20498c7 is described below

commit d52df20498c7d9bde843b74e8feace5163791d8e
Author: JiriOndrusek <[email protected]>
AuthorDate: Mon Feb 2 13:08:49 2026 +0100

    Fixes CAMEL-22944<: Box avoid SecureRandom as static variable (#21211)
---
 .../org/apache/camel/component/box/internal/BoxConnectionHelper.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git 
a/components/camel-box/camel-box-component/src/main/java/org/apache/camel/component/box/internal/BoxConnectionHelper.java
 
b/components/camel-box/camel-box-component/src/main/java/org/apache/camel/component/box/internal/BoxConnectionHelper.java
index 5c16b1fc6b70..62d72cf6e78f 100644
--- 
a/components/camel-box/camel-box-component/src/main/java/org/apache/camel/component/box/internal/BoxConnectionHelper.java
+++ 
b/components/camel-box/camel-box-component/src/main/java/org/apache/camel/component/box/internal/BoxConnectionHelper.java
@@ -22,9 +22,9 @@ import java.net.SocketAddress;
 import java.net.URI;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -53,7 +53,6 @@ import org.jsoup.select.Elements;
 public final class BoxConnectionHelper {
 
     private static final Pattern QUERY_PARAM_PATTERN = 
Pattern.compile("&?([^=]+)=([^&]+)");
-    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
 
     private BoxConnectionHelper() {
         // hide utility class constructor
@@ -98,7 +97,7 @@ public final class BoxConnectionHelper {
             }
 
             // generate anti-forgery token to prevent/detect CSRF attack
-            final String csrfToken = String.valueOf(SECURE_RANDOM.nextLong());
+            final String csrfToken = UUID.randomUUID().toString();
 
             final String authorizeUrl = 
authorizationUrl(configuration.getClientId(), csrfToken);

Reply via email to