I've cleaned up the PR to make it more readable. I'll be grateful for any comments.
Svetlin 2016-09-14 16:15 GMT+03:00 Svetlin Zarev <svetlin.angelov.za...@gmail.com>: > Hi, > > I think I've fixed[1] all stream leaks to files or streams opened by > classLoader.getResoureAsStream(). I intentionally ignored all streams > opened bu UrlConnection, because the issue with the connection pooling has > to be researched. I also reopened [2] because the patch is only for > slurp(File) and not for slurp(URL) or slurp(InputStream) which should not > close the stream. > > [1] https://github.com/apache/tomee/pull/44 > [2] https://github.com/apache/tomee/pull/40 > > Svetlin > > 2016-09-14 10:58 GMT+03:00 Romain Manni-Bucau <rmannibu...@gmail.com>: > >> Tomee is java 7 for 7.x by spec do java 8 is not an option >> >> On the fixes: ensure to unit test each non trivial fix but you can put all >> the "same" category ones in the same pr. Like "ensure streams are closed". >> Side note on this particular one: since we pool connections sometimes >> closing the stream would break it at runtime so unit testing is mandatory. >> >> Thanks to have a look to that >> >> Le 14 sept. 2016 09:48, "Mitia Alexandrov" <mitiaalexand...@gmail.com> a >> écrit : >> >> > Hello, >> > I've made several such runs from Idea but mainly for Java 8fy reasons. >> > There are also several thousand places where the code may be rewritten >> with >> > java 8 constructions. >> > >> > Regards, >> > >> > Mitia >> > >> > 2016-09-14 10:35 GMT+03:00 Svetlin Zarev <svetlin.angelov.zarev@gmail.c >> om >> > >: >> > >> > > Dear TomEE developers, >> > > >> > > I've been running static code analysis (fortify) against TomEE 7 and >> as a >> > > result I have a list of more than 8000 potential issues (I hope most >> of >> > > them are false positives). Unfortunately I'm not allowed to share the >> > list >> > > itself. >> > > >> > > Either way I'll have to go through that list and review every single >> > > report, but it's impractical to open a bug report for every single >> issue. >> > > >> > > So here are my questions: >> > > * What would be the best way to handle the situation ? >> > > * What's the minimum severity level that's worth reporting ? >> > > * Should I open jira tickets for the minot/trivial/bad-practices >> issues ? >> > > * Should I provide PullRequests for the low priority issues or just >> for >> > the >> > > higher priority ones? >> > > >> > > >> > > Kind regards, >> > > Svetlin >> > > >> > >> > >
