https://bz.apache.org/bugzilla/show_bug.cgi?id=66370
--- Comment #7 from Isaac Rivera Rivas <isaacriv...@gmail.com> --- Following the discussion on comment 6, I’ve tried a couple of things for this in Open Liberty. I worked on wrapping up some of the function calls that call out to Expression Language. That required a couple of changes and did fix some of the issues but I realized that other open source we use specifically the hibernate-validator also have calls to EL specifically here https://github.com/hibernate/hibernate-validator/blob/8ed05f71e569b2a9d2fefcaf2c14187443f55be8/engine/src/main/java/org/hibernate/validator/messageinterpolation/ResourceBundleMessageInterpolator.java#L174 which reaches here https://github.com/apache/tomcat/blob/8e2aa5e45ce13388da62386e3cb1dbfa3b242b4b/java/jakarta/el/ELManager.java#L30 in Tomcat EL calling the Util class and hitting the issue. This is just one I’ve found but there could be many other examples of other open source out there which use Tomcat’s EL and run into the same issue using the security manager. In my opinion, the source of the issue is in EL itself and instead of fixing or wrapping the calls to EL in other open sources with privilege blocks, it would be best to fix it in the source of the issue itself. FYI This is the Open Liberty issue following the changes https://github.com/OpenLiberty/open-liberty/issues/23543 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
