jerrypeng opened a new pull request #4281: Don't create new instances of user classes during validation URL: https://github.com/apache/pulsar/pull/4281 ### Motivation Currently when users submit functions/source/sinks, the function worker does some pretty extensive checks for java functions. This checks involve loading the user submitted JARs. The problem with this is that user's can put static blocks in their code to execute the code in the environment of the worker/broker which is a security concern. However, static blocks only execute the first time a method (could be constructor) from a user class is called. We can avoid static blocks being executed by simply not creating new instances of the user code. I think this is a more light handed way to solve this problem compared with: https://github.com/apache/pulsar/pull/4223
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
