diff --git a/ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntTaskHolder.java b/ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntTaskHolder.java
index 3b8ad175ca..5cabdd7fc0 100644
--- a/ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntTaskHolder.java
+++ b/ant/src/main/java/org/owasp/dependencycheck/ant/logging/AntTaskHolder.java
@@ -22,10 +22,13 @@
/**
* Holds a reference to the current Ant Task for logging. Replaces the old
* StaticLoggerBinder singleton pattern used with SLF4J 1.x.
+ *
+ * Uses ThreadLocal to ensure thread-safety when Ant runs tasks in parallel.
+ *
*/
public final class AntTaskHolder {
- private static volatile Task task;
+ private static final ThreadLocal task = new ThreadLocal<>();
private AntTaskHolder() {
}
@@ -36,7 +39,7 @@ private AntTaskHolder() {
* @param t the Ant task
*/
public static void setTask(Task t) {
- task = t;
+ task.set(t);
}
/**
@@ -45,6 +48,15 @@ public static void setTask(Task t) {
* @return the Ant task, or null if not set
*/
public static Task getTask() {
- return task;
+ return task.get();
+ }
+
+ /**
+ * Removes the current Ant task from the thread-local storage.
+ * This should be called when the task completes to prevent memory leaks
+ * in environments with thread pooling.
+ */
+ public static void remove() {
+ task.remove();
}
}
diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
index afa1aa6559..5f4f6011af 100644
--- a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
+++ b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
@@ -121,6 +121,7 @@ public final void execute() throws BuildException {
executeWithContextClassloader();
} finally {
Thread.currentThread().setContextClassLoader(current);
+ AntTaskHolder.remove();
}
}