Good morning,

We are currently using "Openjpa-2.0.1", and the Veracode analysis found this bug in these classes:
1. NullSafeConcurrentHashMap.java (Line 240)
2. DistributionPolicy.java (Line 63)
3. ConcurrentReferenceHashMap.java (Line 60)
4. ConcurrentHashMap.java (Line 81)

*Type*: Insufficient Entropy

*Description:* Standard random number generators do not provide a sufficient amount of entropy when used for security purposes. Attackers can brute force the output of pseudorandom number generators such as rand().

*Recommendations:* If this random number is used where security is a concern, such as generating a session key or session identifier, use a trusted cryptographic random number generator instead. These can be found on the Windows platform in the CryptoAPI or in an open source library such as OpenSSL.

Thanks.

*David Camilo Espitia*
Software Engineer I
Skype: (+57) 1 756 3126 Ext.554
Calle 93 B # 17-25 OF 301
Bogotá - Colombia
*PayU Latam*
*www.payulatam.com* <http://www.payulatam.com/>
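The distinction the scanner's recommendation draws, as an added example that is not part of the original message and is not OpenJPA code: the same `java.util.Random` call is a real finding when its output is a session identifier, and harmless when it only picks a table slot. The class name, method names and seed value are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class EntropyTriageDemo {

    // Hex-encode bytes so the identifiers are printable.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Flagged pattern in a security context: java.util.Random is a
    // deterministic generator with 48 bits of state, so the seed fixes
    // every value it will ever return.
    static String weakSessionId(long seed) {
        byte[] buf = new byte[16];
        new Random(seed).nextBytes(buf);
        return hex(buf);
    }

    // Corrected form: SecureRandom is the JDK's cryptographic generator.
    private static final SecureRandom CSPRNG = new SecureRandom();

    static String strongSessionId() {
        byte[] buf = new byte[16]; // 128 bits of unpredictable data
        CSPRNG.nextBytes(buf);
        return hex(buf);
    }

    // Hypothetical non-security use: choosing a random slot to sample.
    // Predictability here exposes nothing, so java.util.Random is fine.
    static int randomSlot(Random rnd, int tableSize) {
        return rnd.nextInt(tableSize);
    }

    public static void main(String[] args) {
        long seed = 1700000000000L; // constructed value, e.g. a startup timestamp
        System.out.println("weak ids repeat for same seed: "
                + weakSessionId(seed).equals(weakSessionId(seed)));
        System.out.println("strong ids differ: "
                + !strongSessionId().equals(strongSessionId()));
        System.out.println("slot in range: " + (randomSlot(new Random(), 16) < 16));
    }
}
```

When triaging each flagged line, the question is which of these two roles the generated value plays in the calling code.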