This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 4.0.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/4.0.x-fixes by this push:
     new fc0e6625c4 Switch to SecureRandom for AttachmentUtil (#2533)
fc0e6625c4 is described below

commit fc0e6625c409d57c56db39af6af887faa5ce9358
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Wed Jul 30 10:13:04 2025 +0100

    Switch to SecureRandom for AttachmentUtil (#2533)
    
    (cherry picked from commit 63355febf99982ca41d68032d305a5f391e965d2)
---
 core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java 
b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
index a8859cb7f0..b6cfc56591 100644
--- a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
+++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
@@ -29,6 +29,7 @@ import java.net.URL;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
 import java.util.AbstractMap;
 import java.util.AbstractSet;
 import java.util.ArrayList;
@@ -40,7 +41,6 @@ import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
 import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -81,7 +81,7 @@ public final class AttachmentUtil {
     private static final AtomicInteger COUNTER = new AtomicInteger();
     private static final String ATT_UUID = UUID.randomUUID().toString();
 
-    private static final Random BOUND_RANDOM = new Random();
+    private static final SecureRandom BOUND_RANDOM = new SecureRandom();
     private static final CommandMap DEFAULT_COMMAND_MAP = 
CommandMap.getDefaultCommandMap();
     private static final MailcapCommandMap COMMAND_MAP = new 
EnhancedMailcapCommandMap();
     
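Review bot: The `BOUND_RANDOM` declaration now carries no comment saying why a CSPRNG is used, and the same commit deletes the old comment in `getUniqueBoundaryValue()` that argued for a faster non-cryptographic generator, so a later reader could switch it back for speed. I would add a line above the field such as `// SecureRandom: MIME boundary values should not be predictable from earlier output`, assuming that is the motivation, which the commit message does not state. Separately, `getUniqueBoundaryValue()` still takes `synchronized (BOUND_RANDOM)` (visible in the next hunk; the method body continues outside the diff). `SecureRandom` is documented as thread-safe, so that lock looks removable, and if the method only assembles a UUID from two `nextLong()` calls, `UUID.randomUUID()` may now do the same job; both are worth checking against the full method.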
@@ -257,9 +257,6 @@ public final class AttachmentUtil {
 
     public static String getUniqueBoundaryValue() {
         //generate a random UUID.
-        //we don't need the cryptographically secure random uuid that
-        //UUID.randomUUID() will produce.  Thus, use a faster
-        //pseudo-random thing
         long leastSigBits;
         long mostSigBits;
         synchronized (BOUND_RANDOM) {
