...

DM_DEFAULT_ENCODING: String to byte or byte to string conversions using default platform encoding instead of consistent standard charset encoding
UI_INHERITANCE_UNSAFE_GETRESOURCE: Calling this.getClass().getResource(...) could give results other than expected if this class is extended by a class in another package.
XXE_DOCUMENT: XML parsing vulnerable to XML External Entities (XXE) when DocumentBuilder supports XML entities while processing XML received from an untrusted source.
OS_OPEN_STREAM_EXCEPTION_PATH: OS: Method may fail to close stream on exception

Changes in 5.1.2

Security

...

consolidation

Consolidated logging by replacing all remaining direct references to the provided Log4j 1.2.17 dependency with the SLF4J facade. Older versions of Kantega SSO are not affected by CVE-2021-44228, but this release mitigates the risk of other vulnerabilities. Read more about the Log4j vulnerability in: About the Log4j vulnerability CVE-2021-44228.