Audit finding C2 — theoretical, LOW-MEDIUM.
Session uses raw epoch millis for seq and Math.abs for duration (sentry/src/main/java/io/sentry/Session.java:226-240):
- A backward clock step between updates → the newer update has a smaller seq → the server can discard the latest session state (lost end/error counts).
- calculateDurationTime uses Math.abs, which masks negative durations rather than surfacing them.
Source: JAVA-557 §C2.
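The two behaviours in this finding, shown next to a hardened form of each. This is an added example, not code from Session.java or the Sentry SDK; the class, method names and clock readings are hypothetical and constructed for illustration.

```java
import java.util.OptionalDouble;
import java.util.function.LongSupplier;

// Added illustration; class and method names are hypothetical, not Sentry's API.
public final class SessionClockDemo {
  private final LongSupplier wallClockMillis; // injectable so a clock step can be simulated
  private long lastSeq = Long.MIN_VALUE;      // sentinel: no seq issued yet
  SessionClockDemo(LongSupplier wallClockMillis) {
    this.wallClockMillis = wallClockMillis;
  }

  // Pattern from the finding: seq is whatever the wall clock reads right now.
  long rawSeq() {
    return wallClockMillis.getAsLong();
  }

  // Hardened: still epoch-based, but each value is strictly greater than the last one issued.
  synchronized long monotonicSeq() {
    long now = wallClockMillis.getAsLong();
    lastSeq = (lastSeq == Long.MIN_VALUE) ? now : Math.max(now, lastSeq + 1);
    return lastSeq;
  }

  // Pattern from the finding: abs() turns a backward step into a plausible-looking duration.
  static double maskedDurationSeconds(long startMillis, long endMillis) {
    return Math.abs(endMillis - startMillis) / 1000.0;
  }

  // Hardened: a negative interval comes back empty so the caller can log or drop it.
  static OptionalDouble checkedDurationSeconds(long startMillis, long endMillis) {
    long delta = endMillis - startMillis;
    return delta < 0 ? OptionalDouble.empty() : OptionalDouble.of(delta / 1000.0);
  }

  public static void main(String[] args) {
    // Constructed readings: the second update lands after a 5 s backward clock step.
    long[] readings = {1_700_000_010_000L, 1_700_000_005_000L};
    int[] i = {0};
    SessionClockDemo raw = new SessionClockDemo(() -> readings[i[0]++]);
    long a = raw.rawSeq(), b = raw.rawSeq();
    System.out.println("raw seq regressed: " + (b < a));
    i[0] = 0; // replay the same readings against the hardened generator
    SessionClockDemo fixed = new SessionClockDemo(() -> readings[i[0]++]);
    long c = fixed.monotonicSeq(), d = fixed.monotonicSeq();
    System.out.println("monotonic seq regressed: " + (d < c));
    System.out.println("masked duration (s): " + maskedDurationSeconds(readings[0], readings[1]));
    System.out.println("checked duration present: " + checkedDurationSeconds(readings[0], readings[1]).isPresent());
  }
}
```

The monotonic guard only holds within one process lifetime; a session restored after a restart would need the last issued seq persisted alongside it.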