isaacrivriv commented on PR #572: URL: https://github.com/apache/tomcat/pull/572#issuecomment-1341392982
Yes I saw that, my question was more as to why by default the property was made to disable the security manager. There are other areas of code where the security manager is used but there are no properties to disable them. This is why I suggest in this PR to update the property in order to keep the same behavior as the other areas of code that use the security manager if enabled by default. We could use `org.apache.el.GET_CLASSLOADER_IGNORE_PRIVILEGED` instead of `org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED` to disable or enable the security manager in this case which would still have the benefits listed in that issue to not use the security manager but would need to be manually set. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org