Jim Garrison created BATIK-1048:
-----------------------------------
Summary: BATIK includes signed classes from commons-io causing
security conflicts
Key: BATIK-1048
URL: https://issues.apache.org/jira/browse/BATIK-1048
Project: Batik
Issue Type: Bug
Affects Versions: 1.6
Reporter: Jim Garrison
batik-pdf includes, embedded within it, some classes from
org.apache.commons.io, specifically CopyUtils and IOUtils. The jar file is
signed. When this jar file is used in a system that also includes the unsigned
commons-io.jar it is possible to get a SecurityException because the JVM may
try to load one of these classes from the unsigned jar after having loaded the
other one from Batik's jar. I think this problem is exacerbated by OSGi.
In any event, commons-io should be a dependency, NOT partially embedded in
batik-pdf. If you must embed it, then change the package name so it does not
conflict.
See also https://bugs.eclipse.org/bugs/show_bug.cgi?id=363903 -- the real issue
is here in the batik-pdf jar file (and possibly in other Batik jar files as
well).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscr...@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-h...@xmlgraphics.apache.org
