[tomcat] branch master updated: Security exception reading system property on JspRuntimeLibrary use

Thu, 08 Oct 2020 00:10:24 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new f913b0d  Security exception reading system property on 
JspRuntimeLibrary use
f913b0d is described below

commit f913b0d3452a1bccbfa11547ef929d380bfd5ef6
Author: remm <r...@apache.org>
AuthorDate: Thu Oct 8 09:09:36 2020 +0200

    Security exception reading system property on JspRuntimeLibrary use
    
    BZ 64794. Load the class more.
---
 java/org/apache/jasper/security/SecurityClassLoad.java | 5 +++--
 webapps/docs/changelog.xml                             | 8 ++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/jasper/security/SecurityClassLoad.java 
b/java/org/apache/jasper/security/SecurityClassLoad.java
index 5240282..77a0d59 100644
--- a/java/org/apache/jasper/security/SecurityClassLoad.java
+++ b/java/org/apache/jasper/security/SecurityClassLoad.java
@@ -42,7 +42,8 @@ public final class SecurityClassLoad {
             loader.loadClass( basePackage + 
"runtime.JspFactoryImpl$PrivilegedGetPageContext");
             loader.loadClass( basePackage + 
"runtime.JspFactoryImpl$PrivilegedReleasePageContext");
             loader.loadClass( basePackage + "runtime.JspFragmentHelper");
-            loader.loadClass( basePackage + "runtime.JspRuntimeLibrary");
+            Class<?> clazz = loader.loadClass( basePackage + 
"runtime.JspRuntimeLibrary");
+            clazz.getConstructor().newInstance();
             loader.loadClass( basePackage + "runtime.PageContextImpl");
             loader.loadClass( basePackage + "runtime.ProtectedFunctionMapper");
             loader.loadClass( basePackage + 
"runtime.ServletResponseWrapperInclude");
@@ -52,7 +53,7 @@ public final class SecurityClassLoad {
             SecurityUtil.isPackageProtectionEnabled();
 
             loader.loadClass( basePackage + "servlet.JspServletWrapper");
-        } catch (ClassNotFoundException ex) {
+        } catch (Exception ex) {
             Log log = LogFactory.getLog(SecurityClassLoad.class);
             log.error(Localizer.getMessage("jsp.error.securityPreload"), ex);
         }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1794c3f..043506d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -56,6 +56,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Jasper">
+    <changelog>
+      <fix>
+        <bug>64794</bug>: Security exception reading system property on
+        JspRuntimeLibrary use. (remm)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 10.0.0-M9 (markt)" rtext="release in progress">
   <subsection name="Catalina">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to