[
https://issues.apache.org/jira/browse/BATIK-1048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15093972#comment-15093972
]
Sean Carroll commented on BATIK-1048:
-------------------------------------
I know this is fairly old but recently stumbled upon this when using the birt
runtime which has a dependency on org.apache.batik.pdf and was curious if any
there are plans to address this?
> BATIK includes signed classes from commons-io causing security conflicts
> ------------------------------------------------------------------------
>
> Key: BATIK-1048
> URL: https://issues.apache.org/jira/browse/BATIK-1048
> Project: Batik
> Issue Type: Bug
> Affects Versions: 1.6
> Reporter: Jim Garrison
>
> batik-pdf includes, embedded within it, some classes from
> org.apache.commons.io, specifically CopyUtils and IOUtils. The jar file is
> signed. When this jar file is used in a system that also includes the
> unsigned commons-io.jar it is possible to get a SecurityException because the
> JVM may try to load one of these classes from the unsigned jar after having
> loaded the other one from Batik's jar. I think this problem is exacerbated
> by OSGi.
> In any event, commons-io should be a dependency, NOT partially embedded in
> batik-pdf. If you must embed it, then change the package name so it does not
> conflict.
> See also https://bugs.eclipse.org/bugs/show_bug.cgi?id=363903 -- the real
> issue is here in the batik-pdf jar file (and possibly in other Batik jar
> files as well).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
