From 17e9c8cef44ac342bb41fcedd92641dd03d79a08 Mon Sep 17 00:00:00 2001
From: bamboo_auth
Date: Tue, 10 Jan 2017 11:22:09 +0000
Subject: [PATCH 1/2] [maven-release-plugin] copy for tag surf-parent-6.11
From 07de1136d5ce896c1a6b3ea477bfe733d6344611 Mon Sep 17 00:00:00 2001
From: LMRob
Date: Wed, 13 Feb 2019 17:22:40 +0800
Subject: [PATCH 2/2] MNT-20206 Improper Resource Shutdown or Release CWE ID 404 The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This condition often occurs with resources such as database connections or file handles. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be possible to launch a denial of service attack by depleting the resource pool. - use try-with-resources pattern to ensure bufferedReader is closed
---
 .../springframework/extensions/surf/DependencyHandler.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/surf/spring-surf/spring-surf/src/main/java/org/springframework/extensions/surf/DependencyHandler.java b/surf/spring-surf/spring-surf/src/main/java/org/springframework/extensions/surf/DependencyHandler.java
index ca704b14..198bc21c 100644
--- a/surf/spring-surf/spring-surf/src/main/java/org/springframework/extensions/surf/DependencyHandler.java
+++ b/surf/spring-surf/spring-surf/src/main/java/org/springframework/extensions/surf/DependencyHandler.java
@@ -668,15 +668,18 @@ public String convertResourceToString(final InputStream in) throws IOException
 {
 final Writer writer = new StringBuilderWriter();
 final char[] buffer = new char[1024];
- try
+ // MNT-20206: MNT-20206 Improper Resource Shutdown or Release CWE ID 404
+ // LM-2019-02-12
+ try (final Reader reader = new BufferedReader(new InputStreamReader(in, this.charset)))
 {
- final Reader reader = new BufferedReader(new InputStreamReader(in, this.charset));
+// final Reader reader = new BufferedReader(new InputStreamReader(in, this.charset));
 int n;
 while ((n = reader.read(buffer)) != -1)
 {
 writer.write(buffer, 0, n);
 }
 s = writer.toString();
+
 }
 finally
 {
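Review bot: The resource specification on the new `try (...)` line only covers the stream once the `BufferedReader` has been fully constructed. If `new InputStreamReader(in, this.charset)` throws (for instance on an unsupported charset name, should `charset` be a String, which the hunk does not show), no resource is registered, and `in` is released only if the `finally` block still closes it; that block's body lies outside this hunk. Declaring the stream as its own resource closes that path for the CWE-404 finding: `try (InputStream src = in; Reader reader = new BufferedReader(new InputStreamReader(src, this.charset)))`. The commented-out `// final Reader reader = ...` line and the `// LM-2019-02-12` stamp should be deleted rather than committed, since the commit message already records the ticket id and date.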