[ https://issues.apache.org/jira/browse/KARAF-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4211:
----------------------------------------
    Fix Version/s:     (was: 4.0.8)
                   4.0.9

> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
>                 Key: KARAF-4211
>                 URL: https://issues.apache.org/jira/browse/KARAF-4211
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.9
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application
> security analysis on the karaf source code.
> The call to compareTo() on line 109 causes portability problems because it
> has different locales which may lead to unexpected output. This may also
> circumvent custom validation routines.
> File:
> features/command/src/main/java/org/apache/karaf/features/command/ListFeaturesCommand.java
> Line: 109
> ListFeaturesCommand.java, lines 107-111:
> 107 class FeatureComparator implements Comparator<Feature> {
> 108     public int compare(Feature o1, Feature o2) {
> 109         return o1.getName().toLowerCase().compareTo( o2.getName().toLowerCase() );
> 110     }
> 111 }

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
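Added example, not part of the JIRA notification and not Karaf's code or its fix: a comparator with the same shape as the flagged line 109, run beside a variant that pins case mapping to Locale.ROOT, under an en-US and a tr-TR default locale. The class name LocaleCompareDemo and the sample names are constructed, and plain strings stand in for Feature.getName().

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;

public class LocaleCompareDemo {
    // Same shape as the flagged comparator: toLowerCase() with no argument
    // uses the JVM default locale for case mapping.
    static final Comparator<String> DEFAULT_LOCALE =
        (a, b) -> a.toLowerCase().compareTo(b.toLowerCase());

    // Locale-independent variant: case mapping is pinned to Locale.ROOT.
    static final Comparator<String> ROOT_LOCALE =
        (a, b) -> a.toLowerCase(Locale.ROOT).compareTo(b.toLowerCase(Locale.ROOT));

    // Returns a sorted copy so the input list is left untouched.
    static List<String> sorted(List<String> names, Comparator<String> c) {
        List<String> copy = new ArrayList<>(names);
        copy.sort(c);
        return copy;
    }

    public static void main(String[] args) {
        // Constructed sample names (assumption), not taken from Karaf.
        List<String> names = Arrays.asList("jdbc", "INSTALLER", "http");
        Locale saved = Locale.getDefault();
        try {
            Locale[] defaults = { Locale.US, Locale.forLanguageTag("tr-TR") };
            for (Locale l : defaults) {
                Locale.setDefault(l);
                System.out.println(l + " default-locale order: " + sorted(names, DEFAULT_LOCALE));
                System.out.println(l + " Locale.ROOT order:    " + sorted(names, ROOT_LOCALE));
                // Equality check of the kind a validation routine might rely on.
                System.out.println(l + " INSTALLER vs installer: default="
                    + DEFAULT_LOCALE.compare("INSTALLER", "installer")
                    + " root=" + ROOT_LOCALE.compare("INSTALLER", "installer"));
            }
        } finally {
            Locale.setDefault(saved); // restore the JVM default
        }
    }
}
```

With a Turkish default locale, "I" lowercases to dotless "ı" (U+0131), so the default-locale comparator orders INSTALLER after jdbc and no longer treats INSTALLER and installer as equal, while the Locale.ROOT variant gives the same result under both defaults.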