Updated several (transitive) dependencies (OFBIZ-13123)

README.adoc

@@ -640,6 +640,16 @@ want to silence them
 
 `gradlew -PXlint:none build`
 
+[[run-owasp-tool-to-identify-dependency-vulnerabilities-cves]]
+==== Run OWASP tool to identify dependency vulnerabilities (CVEs)
+
+The below command activates a gradle plugin (OWASP) and Identifies and reports
+known vulnerabilities (CVEs) in OFBiz library dependencies. The task takes time
+to complete, and once done, a report will be generated in
+$OFBIZ_HOME/build/reports/dependency-check-report.html
+
+`gradlew -PenableOwasp dependencyCheckAnalyze`
+
 [[setup-eclipse-project-for-ofbiz]]
 ==== Setup eclipse project for OFBiz
 

applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/GiftCertificateServices.java

@@ -827,8 +827,8 @@ public static Map<String, Object> giftCertificatePurchase(DispatchContext dctx,
         String orderEmails = orh.getOrderEmailString();
         String copyMeField = giftCertSettings.getString("purchSurveyCopyMe");
         String copyMeResp = copyMeField != null ? (String) answerMap.get(copyMeField) : null;
-        boolean copyMe = (UtilValidate.isNotEmpty(copyMeField)
-                && UtilValidate.isNotEmpty(copyMeResp) && "true".equalsIgnoreCase(copyMeResp)) ? true : false;
+        boolean copyMe = UtilValidate.isNotEmpty(copyMeField)
+                && UtilValidate.isNotEmpty(copyMeResp) && "true".equalsIgnoreCase(copyMeResp);
 
         int qtyLoop = quantity.intValue();
         for (int i = 0; i < qtyLoop; i++) {

applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/gosoftware/RitaServices.java

@@ -454,7 +454,7 @@ private static RitaApi getApi(Properties props) {
         } catch (RuntimeException e) {
             Debug.logError(e, MODULE);
         }
-        boolean ssl = "Y".equals(props.getProperty("ssl", "N")) ? true : false;
+        boolean ssl = "Y".equals(props.getProperty("ssl", "N"));
 
         RitaApi api = null;
         if (port > 0 && host != null) {

applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/valuelink/ValueLinkServices.java

@@ -1111,8 +1111,8 @@ public static Map<String, Object> giftCardPurchase(DispatchContext dctx, Map<Str
         String orderEmails = orh.getOrderEmailString();
         String copyMeField = EntityUtilProperties.getPropertyValue(paymentConfig, "payment.giftcert.purchase.survey.copyMe", delegator);
         String copyMeResp = copyMeField != null ? (String) answerMap.get(copyMeField) : null;
-        boolean copyMe = (UtilValidate.isNotEmpty(copyMeField)
-                && UtilValidate.isNotEmpty(copyMeResp) && "true".equalsIgnoreCase(copyMeResp)) ? true : false;
+        boolean copyMe = UtilValidate.isNotEmpty(copyMeField)
+                && UtilValidate.isNotEmpty(copyMeResp) && "true".equalsIgnoreCase(copyMeResp);
 
         int qtyLoop = quantity.intValue();
         for (int i = 0; i < qtyLoop; i++) {

applications/content/src/main/java/org/apache/ofbiz/content/ContentManagementServices.java

@@ -816,7 +816,7 @@ public static Map<String, Object> updateOrRemove(DispatchContext dctx, Map<Strin
             }
             pkFields.put(fieldName, fieldValue);
         }
-        boolean doLink = (action != null && "Y".equalsIgnoreCase(action)) ? true : false;
+        boolean doLink = "Y".equalsIgnoreCase(action);
         if (Debug.infoOn()) {
             Debug.logInfo("in updateOrRemove, context:" + context, MODULE);
         }

applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderContentAsText.java

@@ -76,7 +76,7 @@ public Writer getWriter(Writer out, @SuppressWarnings("rawtypes") Map args) {
         }
         final String thisContentId = (String) templateRoot.get("contentId");
         final String xmlEscape = (String) templateRoot.get("xmlEscape");
-        final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId) ? true : false;
+        final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId);
         if (Debug.verboseOn()) {
             Debug.logVerbose("in Render(0), directAssocMode ." + directAssocMode, MODULE);
         }

applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentAsText.java

@@ -75,7 +75,7 @@ public Writer getWriter(Writer out, @SuppressWarnings("rawtypes") Map args) {
         if (Debug.infoOn()) {
             Debug.logInfo("in Render(0), thisSubContentId ." + thisContentId, MODULE);
         }
-        final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId) ? true : false;
+        final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId);
         if (Debug.infoOn()) {
             Debug.logInfo("in Render(0), directAssocMode ." + directAssocMode, MODULE);
         }

applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentCacheTransform.java

@@ -73,7 +73,7 @@ public Writer getWriter(Writer out, @SuppressWarnings("rawtypes") Map args) {
         String strNullThruDatesOnly = (String) templateRoot.get("nullThruDatesOnly");
         Boolean nullThruDatesOnly = (strNullThruDatesOnly != null && "true".equalsIgnoreCase(strNullThruDatesOnly)) ? Boolean.TRUE : Boolean.FALSE;
         String thisSubContentId = (String) templateRoot.get("subContentId");
-        final boolean directAssocMode = UtilValidate.isNotEmpty(thisSubContentId) ? true : false;
+        final boolean directAssocMode = UtilValidate.isNotEmpty(thisSubContentId);
         GenericValue val = null;
         try {
             val = ContentWorker.getCurrentContent(delegator, trail, userLogin, templateRoot, nullThruDatesOnly, contentAssocPredicateId);

applications/manufacturing/src/main/java/org/apache/ofbiz/manufacturing/techdata/TechDataServices.java

@@ -119,7 +119,7 @@ public static Map<String, Object> checkRoutingTaskAssoc(DispatchContext ctx, Map
         Timestamp thruDate = (Timestamp) context.get("thruDate");
         String create = (String) context.get("create");
 
-        boolean createProcess = (create != null && "Y".equals(create)) ? true : false;
+        boolean createProcess = "Y".equals(create);
         List<GenericValue> listRoutingTaskAssoc = null;
 
         try {

applications/marketing/src/main/java/org/apache/ofbiz/sfa/vcard/VCard.java

@@ -295,7 +295,7 @@ public static Map<String, Object> exportVCard(DispatchContext dctx, Map<String,
             }
             String saveToFilename = fullName + ".vcf";
             file = FileUtil.getFile(saveToDirectory + "/" + saveToFilename);
-            Ezvcard.write(vcard).go(file);
+            Ezvcard.write(vcard).go(file.toPath());
         } catch (FileNotFoundException e) {
             Debug.logError(e, MODULE);
             return ServiceUtil.returnError(UtilProperties.getMessage(RES_ERROR,

applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java

@@ -1050,7 +1050,7 @@ public static String determineNextFinalizeStep(HttpServletRequest request, HttpS
                 requireTerm = requireTermStr == null || "true".equalsIgnoreCase(requireTermStr);
             }
             requireAdditionalParty = requireAdditionalPartyStr == null || "true".equalsIgnoreCase(requireAdditionalPartyStr);
-            isSingleUsePayment = singleUsePaymentStr != null && "Y".equalsIgnoreCase(singleUsePaymentStr) ? true : false;
+            isSingleUsePayment = "Y".equalsIgnoreCase(singleUsePaymentStr);
         }
 
         boolean shippingAddressSet = true;

applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java

@@ -535,7 +535,7 @@ public static String restoreAutoSaveList(HttpServletRequest request, HttpServlet
 
         // check to see if we are okay to load this list
         java.sql.Timestamp lastLoad = cart.getLastListRestore();
-        boolean okayToLoad = autoSaveListId == null ? false : (lastLoad == null ? true : false);
+        boolean okayToLoad = autoSaveListId != null && lastLoad == null;
         if (!okayToLoad && lastLoad != null) {
             GenericValue shoppingList = null;
             try {

applications/party/src/main/java/org/apache/ofbiz/party/contact/ContactMechServices.java

@@ -903,7 +903,7 @@ public static Map<String, Object> getPartyContactMechValueMaps(DispatchContext c
             }
         }
         Boolean bShowOld = (Boolean) context.get("showOld");
-        boolean showOld = (bShowOld != null && bShowOld) ? true : false;
+        boolean showOld = Boolean.TRUE.equals(bShowOld);
         String contactMechTypeId = (String) context.get("contactMechTypeId");
         List<Map<String, Object>> valueMaps = ContactMechWorker.getPartyContactMechValueMaps(delegator, partyId, showOld, contactMechTypeId);
         result.put("valueMaps", valueMaps);

applications/party/src/main/java/org/apache/ofbiz/party/party/PartyServices.java

@@ -2262,8 +2262,8 @@ public static Map<String, Object> findPartyById(DispatchContext ctx, Map<String,
         String searchPartyFirstContext = (String) context.get("searchPartyFirst");
         String searchAllIdContext = (String) context.get("searchAllId");
 
-        boolean searchPartyFirst = UtilValidate.isNotEmpty(searchPartyFirstContext) && "N".equals(searchPartyFirstContext) ? false : true;
-        boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) && "Y".equals(searchAllIdContext) ? true : false;
+        boolean searchPartyFirst = !UtilValidate.isNotEmpty(searchPartyFirstContext) || !"N".equals(searchPartyFirstContext);
+        boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) && "Y".equals(searchAllIdContext);
 
         GenericValue party = null;
         List<GenericValue> partiesFound = null;

applications/product/src/main/java/org/apache/ofbiz/product/image/ScaleImage.java

@@ -42,7 +42,7 @@
 import org.apache.ofbiz.entity.util.EntityUtilProperties;
 import org.apache.ofbiz.service.ModelService;
 import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
 
 /**
  * ScaleImage Class

applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/FrameImage.java

@@ -62,7 +62,7 @@
 import org.apache.ofbiz.service.GenericServiceException;
 import org.apache.ofbiz.service.LocalDispatcher;
 import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
 
 public class FrameImage {
 

applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java

@@ -58,7 +58,7 @@
 import org.apache.ofbiz.service.LocalDispatcher;
 import org.apache.ofbiz.service.ModelService;
 import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
 
 /**
  * Product Services

applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java

@@ -65,7 +65,7 @@
 import org.apache.ofbiz.service.LocalDispatcher;
 import org.apache.ofbiz.service.ModelService;
 import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
 
 /**
  * Product Services
@@ -1300,8 +1300,8 @@ public static Map<String, Object> findProductById(DispatchContext ctx, Map<Strin
         String searchProductFirstContext = (String) context.get("searchProductFirst");
         String searchAllIdContext = (String) context.get("searchAllId");
 
-        boolean searchProductFirst = UtilValidate.isNotEmpty(searchProductFirstContext) && "N".equals(searchProductFirstContext) ? false : true;
-        boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) && "Y".equals(searchAllIdContext) ? true : false;
+        boolean searchProductFirst = !UtilValidate.isNotEmpty(searchProductFirstContext) || !"N".equals(searchProductFirstContext);
+        boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) && "Y".equals(searchAllIdContext);
 
         GenericValue product = null;
         List<GenericValue> productsFound = null;

build.gradle

@@ -29,16 +29,28 @@ plugins {
     id 'checkstyle'
     id 'codenarc'
     id 'maven-publish'
-    id 'org.asciidoctor.jvm.convert' version '3.3.2' // 4.0.2 does not compile
-    id 'org.asciidoctor.jvm.pdf' version '3.3.2'     // 4.0.2 does not compile
-    id 'org.owasp.dependencycheck' version '9.0.9' apply false //Not tested after 7.4.4
+    id 'org.asciidoctor.jvm.convert' version '4.0.2'
+    id 'org.asciidoctor.jvm.pdf' version '4.0.2'
+    id 'org.owasp.dependencycheck' version '10.0.2' apply false
     id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false
     id 'com.github.ben-manes.versions' version '0.51.0' apply false
     id "com.github.ManifestClasspath" version "0.1.0-RELEASE"
     id "com.github.jakemarsden.git-hooks" version "0.0.2"
     id "com.github.node-gradle.node" version '7.0.2' apply false
 }
 
+/* OWASP plugin
+ *
+ * If project property "enableOwasp" is flagged then
+ * gradle will download required dependencies and
+ * activate Gradle's OWASP plugin and its related tasks.
+ *
+ * Syntax: gradlew -PenableOwasp dependencyCheckAnalyze
+ */
+if (project.hasProperty('enableOwasp')) {
+    apply plugin: 'org.owasp.dependencycheck'
+}
+
 /* DependencyUpdates plugin
  *
  * If project property "enableDependencyUpdates" is flagged then
@@ -94,7 +106,7 @@ javadoc {
         links(
             'https://docs.oracle.com/javase/17/docs/api',
             'https://tomcat.apache.org/tomcat-9.0-doc/servletapi/',
-            'http://docs.groovy-lang.org/docs/groovy-3.0.20/html/api',
+            'http://docs.groovy-lang.org/docs/groovy-4.0.22/html/api',
             'https://commons.apache.org/proper/commons-cli/apidocs'
         )
     }
@@ -276,8 +288,12 @@ checkstyle {
     // 'checkstyle' tool present in the framework and in the official
     // plugins.
     tasks.checkstyleMain.maxErrors = 0
+    // Increase memory for checkstyleMain required for Gradle 8+.
+    tasks.checkstyleMain.maxHeapSize = '1g'
     // Currently there are no errors so we can show new one when they appear
     showViolations = true
+    // Specify tool version so we can keep it up-to-date
+    toolVersion = '10.17.0'
 }
 gitHooks {
     hooks = ['pre-push': 'checkstyleMain codenarcMain codenarcTest']
@@ -492,8 +508,8 @@ task createTenant(group: ofbizServer, description: 'Create a new tenant in your
 
 // ========== Documentation tasks ==========
 tasks.withType(AsciidoctorTask) { task ->
-    inProcess = JAVA_EXEC
-        forkOptions {
+    executionMode = JAVA_EXEC
+        jvm {
             jvmArgs("--add-opens","java.base/sun.nio.ch=ALL-UNNAMED","--add-opens","java.base/java.io=ALL-UNNAMED")
         }
     outputOptions {

dependencies.gradle

@@ -18,9 +18,10 @@
  */
 dependencies {
     implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
+    implementation 'com.google.guava:guava:33.2.1-jre'
     implementation 'com.google.zxing:core:3.5.3'
     implementation 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
-    implementation 'com.googlecode.ez-vcard:ez-vcard:0.11.3' // 0.12.1 does not compile
+    implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
     implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20220608.1'
     implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.31'
     implementation 'com.ibm.icu:icu4j:74.2'
@@ -51,35 +52,35 @@ dependencies {
     implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
     implementation 'org.apache.logging.log4j:log4j-api:2.20.0' // the API of log4j 2
     implementation 'org.apache.logging.log4j:log4j-core:2.20.0' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
-    implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'. Received status code 401 from server
-    implementation 'org.apache.pdfbox:pdfbox:2.0.31' // 3.0.1 does not compile
+    implementation 'org.apache.poi:poi:5.3.0'
+    implementation 'org.apache.pdfbox:pdfbox:2.0.32' // 3.0.1 does not compile
     implementation 'org.apache.shiro:shiro-core:1.13.0'
     implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.0'
-    implementation 'org.apache.sshd:sshd-core:2.10.0'
-    implementation 'org.apache.sshd:sshd-sftp:2.10.0'
+    implementation 'org.apache.sshd:sshd-core:2.13.1'
+    implementation 'org.apache.sshd:sshd-sftp:2.13.1'
     implementation 'org.apache.tika:tika-core:2.9.2'
-    implementation 'org.apache.tika:tika-parsers:2.5.0'
-    implementation 'org.apache.tika:tika-parser-pdf-module:2.5.0'
-    implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.5.6' // 4.0.3 does not compile
+    implementation 'org.apache.tika:tika-parsers:2.9.2'
+    implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2'
+    implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.6.4' // 4.x+ requires javax.xml.bind -> jakarta.xml.bind namespace change
     implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.91' // Remember to change the version number (9 now) in javadoc block if needed.
     implementation 'org.apache.tomcat:tomcat-jasper:9.0.91'
     implementation 'org.apache.axis2:axis2-kernel:1.8.2'
     implementation 'org.apache.xmlgraphics:batik-anim:1.17'
     implementation 'org.apache.xmlgraphics:batik-util:1.17'
     implementation 'org.apache.xmlgraphics:batik-bridge:1.17'
-    implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4 dependencies are messed up. See https://github.com/moqui/moqui-fop/blob/master/build.gradle
-    implementation 'org.clojure:clojure:1.11.1'
-    implementation 'org.codehaus.groovy:groovy-all:3.0.21'
+    implementation 'org.apache.xmlgraphics:fop:2.9'
+    implementation 'org.clojure:clojure:1.11.3'
+    implementation 'org.apache.groovy:groovy-all:4.0.22'
     implementation 'org.freemarker:freemarker:2.3.33' // Remember to change the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if >= 2.4
 
-    implementation 'org.owasp.esapi:esapi:2.5.3.1'
+    implementation 'org.owasp.esapi:esapi:2.5.4.0'
     implementation 'org.cyberneko:html:1.9.8'
     implementation 'org.springframework:spring-test:5.3.29' //  6.1.4 does not compile
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.2'
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.1'
     implementation 'oro:oro:2.0.8'
     implementation 'wsdl4j:wsdl4j:1.6.3'
     implementation 'com.auth0:java-jwt:4.4.0'
-    implementation 'org.jdom:jdom:1.1.3' // don't upgrade above 1.1.3, makes a lot of not obvious and useless complications, see last commits of OFBIZ-12092 for more
+    implementation 'org.jdom:jdom2:2.0.6.1'
     implementation 'com.google.re2j:re2j:1.7'
     implementation 'xerces:xercesImpl:2.12.2'
     implementation('org.mustangproject:library:2.8.0') { // 2.10.0 did not work, cf. OFBIZ-12920 (https://github.com/apache/ofbiz-framework/pull/712#issuecomment-1968960963)
@@ -98,7 +99,8 @@ dependencies {
     runtimeOnly 'net.sf.barcode4j:barcode4j:2.1'
     runtimeOnly 'org.apache.axis2:axis2-transport-http:1.8.2'
     runtimeOnly 'org.apache.axis2:axis2-transport-local:1.8.2'
-    runtimeOnly 'org.apache.derby:derby:10.14.2.0' // 10.17.1.0 does not compile
+    runtimeOnly 'org.apache.derby:derby:10.16.1.1' // 10.17.x.x requires Java 21
+    runtimeOnly 'org.apache.derby:derbytools:10.16.1.1' // 10.17.x.x requires Java 21
     runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
     runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.20.0' // for external jars using the old log4j1.2: routes logging to log4j 2
     runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.20.0' // for external jars using the java.util.logging: routes logging to log4j 2
@@ -108,4 +110,17 @@ dependencies {
 
     // specify last codenarc version for java 17 compliance
     codenarc('org.codenarc:CodeNarc:3.4.0')
+
+    // use constraints to update transitive dependencies
+    constraints {
+        implementation('org.apache.james:apache-mime4j-core:0.8.10') {
+            because 'CVE-2024-21742'
+        }
+        implementation('org.bouncycastle:bcprov-jdk18on:1.78') {
+            because 'CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-34447'
+        }
+        implementation('org.testng:testng:7.7.0') {
+            because 'CVE-2022-4065'
+        }
+    }
 }

framework/base/src/main/groovy/org/apache/ofbiz/base/test/SimpleTests.groovy

@@ -18,12 +18,12 @@
 */
 package org.apache.ofbiz.base.test
 
-import org.apache.ofbiz.testtools.GroovyScriptTestCase
+import org.apache.ofbiz.testtools.GroovyScriptAssert
 
 /**
  * Class validating groovy scripts test engine.
  */
-class SimpleTests extends GroovyScriptTestCase {
+class SimpleTests extends GroovyScriptAssert {
 
     void testTrue() {
         assert 1 + 1 == 2

framework/base/src/main/java/org/apache/ofbiz/base/conversion/BooleanConverters.java

@@ -63,7 +63,7 @@ public IntegerToBoolean() {
 
         @Override
         public Boolean convert(Integer obj) throws ConversionException {
-            return obj == 0 ? false : true;
+            return obj != 0;
         }
     }
 

framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java

@@ -68,7 +68,7 @@ private SSLUtil() { }
         SSLUtil.loadJsseProperties();
     }
 
-    private static class TrustAnyManager implements X509TrustManager {
+    private static final class TrustAnyManager implements X509TrustManager {
 
         @Override
         public void checkClientTrusted(X509Certificate[] certs, String string) throws CertificateException {

framework/base/src/main/java/org/apache/ofbiz/base/util/URLConnector.java

@@ -117,7 +117,7 @@ static URLConnection openUntrustedConnection(URL url, int timeout, String client
     }
 
     // special thread to open the connection
-    private class URLConnectorThread implements Runnable {
+    private final class URLConnectorThread implements Runnable {
         @Override
         public void run() {
             URLConnection con = null;

framework/base/src/main/java/org/apache/ofbiz/base/util/UtilDateTime.java

@@ -1019,7 +1019,7 @@ public static String timeStampToString(Timestamp stamp, String dateTimeFormat, T
     }
 
     // Private lazy-initializer class
-    private static class TimeZoneHolder {
+    private static final class TimeZoneHolder {
         private static final List<TimeZone> AVAIL_TIME_ZONE_LIST = getTimeZones();
 
         private static List<TimeZone> getTimeZones() {