[ https://issues.apache.org/jira/browse/OWB-496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12997619#comment-12997619 ]
Gerhard Petracek commented on OWB-496: -------------------------------------- i agree with mark. it looks quite strange and leads to many questions. we also talked about introducing a spi for not forcing the usage of SecurityUtil furthermore, in wls just the old version works correctly. the rest works without problems -> i don't think it's a security issue. > Don't replace the ProxyFactory classloaderProvider without the intention to > do so > --------------------------------------------------------------------------------- > > Key: OWB-496 > URL: https://issues.apache.org/jira/browse/OWB-496 > Project: OpenWebBeans > Issue Type: Bug > Components: Context and Scopes > Affects Versions: 1.1.0 > Reporter: David Jencks > Assignee: Gurkan Erdogdu > Fix For: 1.1.0 > > > Currently JavassistProxyFactory.getProxyClass() replaces the > ProxyFactory.classloaderProvider on any exception with a classloaderProvider > that is very unlikely to work better than the default. Setting the > classLoaderProvider should be a matter of intentional configuration, not > flailing around after an unexpected exception. -- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira