[ https://issues.apache.org/jira/browse/JDO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17648243#comment-17648243 ]
Tilmann Zäschke commented on JDO-821: ------------------------------------- Fixed 12 issues labelled as "security". They all involve calling printStackTrace() on an Exception (java:S4507). * 8 Issues where inside 'exectck' so they can be ignored (not part of production code) * 2 issues were inside 'LegacyJava' and have been removed. * 2 Issues were in 'javax/jdo.Enhance' and are considered "safe" (I labelled them as "safe" in SonarCloud). Rationale: The Enhancer is executed before any data comes into the application so there is no risk of leaking sensitive data such as passwords. The risk of leaking domain class names is real but deemed acceptable. See [PR|https://github.com/apache/db-jdo/pull/66] > Fix sonarcloud issues of type Bugs > ---------------------------------- > > Key: JDO-821 > URL: https://issues.apache.org/jira/browse/JDO-821 > Project: JDO > Issue Type: Task > Components: api > Affects Versions: JDO 3.2.1 > Reporter: Michael Bouschen > Assignee: Michael Bouschen > Priority: Major > Fix For: JDO 3.3 > > > The latest sonarcloud run lists 20 bugs in the category Reliability. -- This message was sent by Atlassian Jira (v8.20.10#820010)