markt-asf commented on issue #144: Variable adds final modifier URL: https://github.com/apache/tomcat/pull/144#issuecomment-470050541 Potential security vulnerabilities should be reported privately to secur...@tomcat.apache.org. Not in a PR or any other public forum. That said, there are no valid security risks here so - fortunately - no harm is done. The additional of final here (and the many, many other places tools such as UCDetector will identify automatically) is more a matter of style than anything else. Making invalid claims of 'security risks' is not helpful. It undermines the credibility of the PR and makes it more likely it will be rejected. We generally do not make changes purely for stylistic reasons. There is a code quality case that could be made for this change but it isn't a particularly strong one. I am -1 on the PR as currently submitted due to the incorrect statement regarding security risks in the commit comment.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
