[ 
https://issues.apache.org/jira/browse/JCR-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12666134#action_12666134
 ] 

Alexander Klimetschek commented on JCR-1035:
--------------------------------------------

I think this cannot be fixed, since getSession() is part of the JCR API and we 
cannot remove this method or throw an exception. The only critical thing might 
be session.logout() but that should be properly handled in an XA session.

> Jackrabbit JCA - The client can bypass the managed connection and get the 
> underlying JCR Session
> ------------------------------------------------------------------------------------------------
>
>                 Key: JCR-1035
>                 URL: https://issues.apache.org/jira/browse/JCR-1035
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-jca
>            Reporter: Edgar Poce
>            Priority: Minor
>
> By using Item.getSession() the client can access the underlying jcr session, 
> eventually close the connection and generate a session leak.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
