[ https://issues.apache.org/jira/browse/KARAF-4204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4204:
----------------------------------------
    Fix Version/s: 4.0.6
                   4.1.0

> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
>                 Key: KARAF-4204
>                 URL: https://issues.apache.org/jira/browse/KARAF-4204
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.6
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application
> security analysis of the karaf source code.
> Non-final methods that perform security checks can be overridden in ways that
> bypass security checks. See external issue for more information.
> File: exception/src/main/java/java/lang/Exception.java
> Line: 137
> Exception.java, lines 137-153:
> {code}
> 137 public Class[] getThrowableContext(Throwable t) {
> 138     try {
> 139         Class[] context = getClassContext();
> 140         int nb = 0;
> 141         for (;;) {
> 142             if (context[context.length - 1 - nb] == t.getClass()) {
> 143                 break;
> 144             }
> 145             nb++;
> 146         }
> 147         Class[] nc = new Class[nb];
> 148         System.arraycopy(context, context.length - nb, nc, 0, nb);
> 149         return nc;
> 150     } catch (Exception e) {
> 151         return null;
> 152     }
> 153 }
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
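
The finding category named in the report (a security check placed in a non-final method) is illustrated below as an added example; it is not Karaf code and not part of the original message. All class and method names are hypothetical, and a plain string comparison stands in for a real permission check.

```java
public class OverridableCheckDemo {

    // Weak form: the check sits in a non-final method of a non-final class.
    static class WeakStore {
        // Overridable, so a subclass decides whether the check runs at all.
        protected void checkAccess(String user) {
            if (!"admin".equals(user)) {
                throw new SecurityException("access denied for " + user);
            }
        }

        public String read(String user) {
            checkAccess(user);          // virtual dispatch picks the subclass version
            return "protected value";
        }
    }

    // Inherits read() unchanged but replaces the check with an empty body.
    static class LenientStore extends WeakStore {
        @Override
        protected void checkAccess(String user) { /* check dropped */ }
    }

    // Hardened form: both the check and its caller are final, so a subclass
    // can neither replace the check nor re-route around it.
    static class HardenedStore {
        protected final void checkAccess(String user) {
            if (!"admin".equals(user)) {
                throw new SecurityException("access denied for " + user);
            }
        }

        public final String read(String user) {
            checkAccess(user);
            return "protected value";
        }
    }
    // Declaring checkAccess() in a subclass of HardenedStore is a compile error.

    // Returns true when the call was rejected with a SecurityException.
    static boolean denied(Runnable call) {
        try { call.run(); return false; } catch (SecurityException e) { return true; }
    }

    public static void main(String[] args) {
        System.out.println("WeakStore denies guest:     " + denied(() -> new WeakStore().read("guest")));
        System.out.println("LenientStore denies guest:  " + denied(() -> new LenientStore().read("guest")));
        System.out.println("HardenedStore denies guest: " + denied(() -> new HardenedStore().read("guest")));
    }
}
```

When reviewing a finding of this kind, check whether the enclosing class can be subclassed by untrusted code at all; declaring the class itself `final` closes the same gap when extension is not needed.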