[ https://issues.apache.org/jira/browse/JDO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17648243#comment-17648243 ]
Tilmann Zäschke commented on JDO-821:
-------------------------------------
Fixed 12 issues labelled as "security". They all involve calling
printStackTrace() on an Exception (java:S4507).
* 8 issues were inside 'exectck' so they can be ignored (not part of
production code)
* 2 issues were inside 'LegacyJava' and have been removed.
* 2 issues were in 'javax/jdo.Enhance' and are considered "safe" (I labelled
them as "safe" in SonarCloud). Rationale: The Enhancer is executed before any
data comes into the application so there is no risk of leaking sensitive data
such as passwords. The risk of leaking domain class names is real but deemed
acceptable.
See [PR|https://github.com/apache/db-jdo/pull/66]
> Fix sonarcloud issues of type Bugs
> ----------------------------------
>
> Key: JDO-821
> URL: https://issues.apache.org/jira/browse/JDO-821
> Project: JDO
> Issue Type: Task
> Components: api
> Affects Versions: JDO 3.2.1
> Reporter: Michael Bouschen
> Assignee: Michael Bouschen
> Priority: Major
> Fix For: JDO 3.3
>
>
> The latest sonarcloud run lists 20 bugs in the category Reliability.