Summary: | EL Util class should have doPrivileged block | ||
---|---|---|---|
Product: | Tomcat 9 | Reporter: | Jay S <jsartoris> |
Component: | EL | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | ----- | ||
Hardware: | PC | ||
OS: | All |
Description
Jay S
2018-02-06 02:12:52 UTC
Can you provide a simple test case that demonstrates the problem? I've spent a little time looking a this. It isn't going to occur in normal Tomcat usage. It may occur if el-api.jar and jasper-el.jar are used independently. I'm working on a fix. My local testing found that the class loader structure would need to be fairly unusual to trigger this issue. I therefore opted to wrap all the requests for the TCCL in a privileged action to ensure that all use cases were covered. Fixed in: - trunk for 9.0.9 onwards - 8.5.x for 8.5.32 onwards - 8.0.x for 8.0.53 onwards - 7.0.x for 7.0.89 onwards |