PH21564: java.lang.SecurityException possible from messaging component calls to System.getProperty("line.separator")

Fixes are available

20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5

APAR status

Closed as program error.

Error description

java.lang.SecurityException possible from messaging
component calls to System.getProperty("line.separator")

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server Liberty - Messaging Providers        *
****************************************************************
* PROBLEM DESCRIPTION: java.lang.SecurityException possible    *
*                      from messaging component when Java 2    *
*                      Security is enabled                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A java.lang.SecurityException is possible from messaging
component calls to System.getProperty("line.separator") when
Java 2 Security is enabled.  These calls are being made from
trace code formatting various trace points within the messaging
component.  When Java 2 Security is enabled, the affected trace
points are enabled, and there happens to be user code in the
calling stack to the trace point, the desired information in the
trace point might be omitted from the captured trace
information, an FFDC for a java.lang.SecurityException from
messaging code might be recorded, and expected function might be
skipped.

These behaviours might complicate investigation of other
messaging problems using the enablement of trace.

Problem conclusion

WebSphere replaced all messaging calls to
System.getProperty("line.separator") with
System.lineSeparator(), which has been available as a Java API
since Java 7.  Using this function does not cause a Security
check, and therefore solves the possibility of encountering the
problem.

The fix for this APAR is currently targeted for inclusion in fix
pack 20.0.0.2.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PH21564
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-01-29
Closed date
2020-02-05
Last modified date
2020-02-05

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814

Applicable component levels

RCD0 PSY
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
14 October 2021

Tips

PH21564: java.lang.SecurityException possible from messaging component calls to System.getProperty("line.separator")

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

RCD0 PSY

Document Information

Share your feedback

Need support?