Skip to content

org.springframework.mail.javamail.JavaMailSender setPassword should take a char[] #34312

New issue
New issue
Closed as not planned
Closed as not planned
org.springframework.mail.javamail.JavaMailSender setPassword should take a char[]#34312
Labels
for: external-projectNeeds a fix in external projectstatus: invalidAn issue that we don't feel is valid
@mebigfatguy

Description

@mebigfatguy
mebigfatguy
opened on Jan 23, 2025

We are getting security tooling reports because

JavaMailSender.setPassword(String s)

exists, and thus the password can not be guaranteed to be cleared from memory. If the the api was changed/added to take

JavaMailSender.setPassword(char[] c)

Then the array could be Arrays.fill(c, 0);

when done.

Metadata

Metadata

Assignees

No one assigned

    Labels

    for: external-projectNeeds a fix in external projectstatus: invalidAn issue that we don't feel is valid

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions