[
https://issues.apache.org/jira/browse/BEANUTILS-112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory updated BEANUTILS-112:
--------------------------------------
Fix Version/s: 1.10.2
(was: 1.10.1)
> [beanutils] defaultTransformers is public in BeanMap class
> ----------------------------------------------------------
>
> Key: BEANUTILS-112
> URL: https://issues.apache.org/jira/browse/BEANUTILS-112
> Project: Commons BeanUtils
> Issue Type: Bug
> Components: Bean-Collections
> Affects Versions: 1.7.0
> Environment: Operating System: other
> Platform: Other
> Reporter: Simon Kitching
> Assignee: Niall Pemberton
> Priority: Major
> Fix For: 1.10.2
>
>
> The BeanMap class in the "optional" section has:
> public static HashMap defaultTransformers = new HashMap();
> I think this is a *really* bad idea.
> Firstly, because it's static, various parts of an application can interact in
> unexpected ways. For example, some library your code is calling might,
> unexpectedly, add a transformer to the default transformers causing surprising
> effects.
> That's even more interesting if the library (commons-collections or
> commons-beanutils) is deployed via a shared webapp in a container. In that
> case,
> one webapp can have side-effects on other webapps.
> And because it's a public member, there is no way to control access to this
> field.
> This class was in commons-collections since 1.0. It was copied into
> commons-beanutils before the 1.7.0 release, and deprecated in
> commons-collections.
> This class is only in the "optional" section, and is not used by the core
> beanutils code.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
