[
https://issues.apache.org/jira/browse/AXIS2-4282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688340#action_12688340
]
Jarek Gawor commented on AXIS2-4282:
------------------------------------
I'm not too worried about that. In 99.99% cases no one will try to use ".." in
resource names unless they are trying to hack something or are doing something
totally wrong. But of course, if you want to improve this, please go ahead.
> JarFileClassLoader allows resources to be loaded from locations outside of
> the directory specified in its classpath
> -------------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-4282
> URL: https://issues.apache.org/jira/browse/AXIS2-4282
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: kernel
> Affects Versions: 1.5, nightly
> Reporter: Jarek Gawor
> Assignee: Jarek Gawor
> Fix For: 1.5, nightly
>
>
> If JarFileClassLoader contains one classpath entry that is a directory, it
> will allow resources to be loaded from ANY directory on the file system.
> The JarFileClassLoader should of course only allow resources to be loaded
> from within the directory specified.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
