kagkarlsson / micro-jdbc Goto Github PK

Summary
The function inTransaction() in TransactionManager.java sometimes fails to release a database resource allocated by getConnection() on line 42.The program can potentially fail to release a database resource.

Explanation
Resource leaks have at least two common causes:

• Error conditions and other exceptional circumstances.

• Confusion over which part of the program is responsible for releasing the resource.

Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker may be able to launch a denial of service attack by depleting the resource pool.

Example: Under normal conditions, the following code executes a database query, processes the results returned by the database, and closes the allocated statement object. But if an exception occurs while executing the SQL or processing the results, the statement object will not be closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.

Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(CXN_SQL);
harvestResults(rs);
stmt.close();
Instance ID: 217855466D132190375B688DB47EAC87
Primary Rule ID: B7DFF4A8-9817-4418-A35B-E70D10DC825E
Standards and Best Practices
PCI 3.2
6.5.6 - High Risk Vulnerabilities
STIG 4.1
APSC-DV-002400 CAT II
STIG 4.3
APSC-DV-002400 CAT II
CWE
CWE-404

Our organization requires us to record copyright information for all OpenSource library dependencies. The copyright scanner we use can extract all information from pom.xml. Therefore it would be great if you could add the copyright in the pom.xml or even have it as a separate file in your repository.

Now the latest version of micro-jdbc is 0.3 , but the latest release tag is only 0.2. could you help have a new release tag to match version 0.3