The text below is extracted from
http://www.fortify.com/vulncat/en/vulncat/java/race_condition_format_flaw.html
ABSTRACT
The methods parse() and format() in java.text.Format contain a design flaw that can cause one user to see another user's data.
EXPLANATION
The methods parse() and format() in java.text.Format contain a race condition that can cause one user to see another user's data.
Example 1: The code below shows how this design flaw can manifest itself.
While this code will behave correctly in a single-user environment, if two threads run it at the same time they could produce the following output:
Time in thread 1 should be 12/31/69 4:00 PM, found: 12/31/69 4:00 PM
Time in thread 2 should be around 12/29/09 6:26 AM, found: 12/29/09 6:30 AM
In this case, the date from the first thread is shown in the output from the second thread due to a race condition in the implementation of format().
So format() is not thread-safe. I am using format() in many places in a servlet. Instead of synchronizing the method or using a synchronized block, can I make the variable local so that it will be thread-safe? Please advise whether that approach will address the above issue.
Instead of a global var (private static SimpleDateFormat dateFormat;), making dateFormat a local var will solve the issue for the above case.
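
The comparison the post asks about, as an added example that is not part of the original post or the Fortify page: it runs the same formatting work through a shared static SimpleDateFormat and through a per-call local instance, and counts results that differ from the single-threaded value. The class name, pattern, thread count and sample dates are assumptions chosen for the demonstration; the shared count varies from run to run, while the local count is always 0 because each instance is confined to one thread.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

public class FormatRaceDemo {
    static final String PATTERN = "MM/dd/yy h:mm a"; // assumed pattern, similar to the quoted output
    // Shared mutable formatter: the "global var" from the post.
    private static final SimpleDateFormat SHARED = new SimpleDateFormat(PATTERN, Locale.US);

    // Racy: format() writes the date into the formatter's internal Calendar field.
    static String formatShared(Date d) { return SHARED.format(d); }

    // Thread-confined: a new instance per call is never visible to another thread.
    static String formatLocal(Date d) { return new SimpleDateFormat(PATTERN, Locale.US).format(d); }

    // Runs fmt from 8 threads and counts results that differ from the expected string.
    static int mismatches(Function<Date, String> fmt) throws InterruptedException {
        Date[] dates = { new Date(0L), new Date(1262096760000L) }; // constructed sample values
        String[] expected = new String[dates.length];
        for (int i = 0; i < dates.length; i++) expected[i] = formatLocal(dates[i]);
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            final int idx = t % dates.length;
            pool.submit(() -> {
                for (int n = 0; n < 50_000; n++) {
                    try {
                        if (!expected[idx].equals(fmt.apply(dates[idx]))) bad.incrementAndGet();
                    } catch (RuntimeException e) {
                        bad.incrementAndGet(); // corrupted shared state can also throw
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared static formatter mismatches: " + mismatches(FormatRaceDemo::formatShared));
        System.out.println("per-call local formatter mismatches: " + mismatches(FormatRaceDemo::formatLocal));
    }
}
```

On Java 8 and later, java.time.format.DateTimeFormatter is immutable and thread-safe, so a single static instance of it can be shared across servlet threads.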