Apache Commons logo Commons Logging
Apache Commons Logging ™
  • Last Published: 04 Mar 2026
  • |
  • Version: 1.3.6

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
27 22 0 0

Files

Class Bugs
org.apache.commons.logging.LogConfigurationException 1
org.apache.commons.logging.LogFactory 4
org.apache.commons.logging.LogSource 3
org.apache.commons.logging.impl.Jdk13LumberjackLogger 2
org.apache.commons.logging.impl.Jdk14Logger 1
org.apache.commons.logging.impl.Log4JLogger 2
org.apache.commons.logging.impl.LogFactoryImpl 4
org.apache.commons.logging.impl.SimpleLog 4
org.apache.commons.logging.impl.WeakHashtable 1

org.apache.commons.logging.LogConfigurationException

Bug Category Details Line Priority
new org.apache.commons.logging.LogConfigurationException(String, Throwable) may expose internal representation by storing an externally mutable object into LogConfigurationException.cause MALICIOUS_CODE EI_EXPOSE_REP2 61 Medium

org.apache.commons.logging.LogFactory

Bug Category Details Line Priority
org.apache.commons.logging.LogFactory.factories should be both final and package protected MALICIOUS_CODE MS_FINAL_PKGPROTECT 258 Medium
This API (java/io/FileOutputStream.<init>(Ljava/lang/String;Z)V) writes to a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_OUT 1134 Medium
Exception is caught when Exception is not thrown in org.apache.commons.logging.LogFactory.createFactory(String, ClassLoader) STYLE REC_CATCH_EXCEPTION 409 Medium
This web server request could be used by an attacker to expose internal services and filesystem. SECURITY URLCONNECTION_SSRF_FD 951 Medium

org.apache.commons.logging.LogSource

Bug Category Details Line Priority
org.apache.commons.logging.LogSource.logs should be both final and package protected MALICIOUS_CODE MS_FINAL_PKGPROTECT 59 Medium
org.apache.commons.logging.LogSource.logImplctor should be package protected MALICIOUS_CODE MS_PKGPROTECT Not available Medium
org.apache.commons.logging.LogSource.log4jIsAvailable isn't final but should be MALICIOUS_CODE MS_SHOULD_BE_FINAL 83 Medium

org.apache.commons.logging.impl.Jdk13LumberjackLogger

Bug Category Details Line Priority
org.apache.commons.logging.impl.Jdk13LumberjackLogger.getLogger() may expose internal representation by returning Jdk13LumberjackLogger.logger MALICIOUS_CODE EI_EXPOSE_REP 195 Medium
Possible information exposure through an error message SECURITY INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE 163 Medium

org.apache.commons.logging.impl.Jdk14Logger

Bug Category Details Line Priority
org.apache.commons.logging.impl.Jdk14Logger.getLogger() may expose internal representation by returning Jdk14Logger.logger MALICIOUS_CODE EI_EXPOSE_REP 142 Medium

org.apache.commons.logging.impl.Log4JLogger

Bug Category Details Line Priority
Exception thrown in class org.apache.commons.logging.impl.Log4JLogger at new org.apache.commons.logging.impl.Log4JLogger(Logger) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 105 Medium
new org.apache.commons.logging.impl.Log4JLogger(Logger) may expose internal representation by storing an externally mutable object into Log4JLogger.logger MALICIOUS_CODE EI_EXPOSE_REP2 108 Medium

org.apache.commons.logging.impl.LogFactoryImpl

Bug Category Details Line Priority
The method 'getClassLoader(Class)' in class 'LogFactoryImpl' hides a method in class 'LogFactory'. Declare the respective methods non-static or private to eradicate the problem. CORRECTNESS HSM_HIDING_METHOD 173 Medium
The method 'getContextClassLoader()' in class 'LogFactoryImpl' hides a method in class 'LogFactory'. Declare the respective methods non-static or private to eradicate the problem. CORRECTNESS HSM_HIDING_METHOD 184 Medium
The method 'isDiagnosticsEnabled()' in class 'LogFactoryImpl' hides a method in class 'LogFactory'. Declare the respective methods non-static or private to eradicate the problem. CORRECTNESS HSM_HIDING_METHOD 232 Medium
Possible information exposure through an error message SECURITY INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE 904 Medium

org.apache.commons.logging.impl.SimpleLog

Bug Category Details Line Priority
Possible information exposure through an error message SECURITY INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE 591 Medium
org.apache.commons.logging.impl.SimpleLog.simpleLogProps is a mutable collection which should be package protected MALICIOUS_CODE MS_MUTABLE_COLLECTION_PKGPROTECT 82 Medium
org.apache.commons.logging.impl.SimpleLog.dateFormatter isn't final but should be MALICIOUS_CODE MS_SHOULD_BE_FINAL 158 High
org.apache.commons.logging.impl.SimpleLog.dateFormatter is a static field of type java.text.DateFormat, which isn't thread safe MT_CORRECTNESS STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE Not available High

org.apache.commons.logging.impl.WeakHashtable

Bug Category Details Line Priority
org.apache.commons.logging.impl.WeakHashtable doesn't override java.util.Hashtable.equals(Object) STYLE EQ_DOESNT_OVERRIDE_EQUALS 1 Medium

Copyright © 2001-2026 The Apache Software Foundation. All Rights Reserved.

Apache Commons, Apache Commons Logging, Apache, the Apache logo, and the Apache Commons project logos are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.