[
https://issues.apache.org/jira/browse/BATIK-1048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17083398#comment-17083398
]
J. Koch commented on BATIK-1048:
--------------------------------
Is there a workaround for this bug?
> BATIK includes signed classes from commons-io causing security conflicts
> ------------------------------------------------------------------------
>
> Key: BATIK-1048
> URL: https://issues.apache.org/jira/browse/BATIK-1048
> Project: Batik
> Issue Type: Bug
> Affects Versions: 1.6
> Reporter: Jim Garrison
> Priority: Major
>
> batik-pdf includes, embedded within it, some classes from
> org.apache.commons.io, specifically CopyUtils and IOUtils. The jar file is
> signed. When this jar file is used in a system that also includes the
> unsigned commons-io.jar it is possible to get a SecurityException because the
> JVM may try to load one of these classes from the unsigned jar after having
> loaded the other one from Batik's jar. I think this problem is exacerbated
> by OSGi.
> In any event, commons-io should be a dependency, NOT partially embedded in
> batik-pdf. If you must embed it, then change the package name so it does not
> conflict.
> See also https://bugs.eclipse.org/bugs/show_bug.cgi?id=363903 -- the real
> issue is here in the batik-pdf jar file (and possibly in other Batik jar
> files as well).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscr...@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-h...@xmlgraphics.apache.org
