Unfortunately, the newly released wheezy security update 7.0.28-4+deb7u7 also suffers from this problem.
Can it be so that the important part missing is the loop traversing the
class loaders in validateGlobalResourceAccess():
while (cl != null) {
...
cl = cl.getParent();
}
Arne
