(tomcat) branch main updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

Fri, 22 Mar 2024 06:37:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 988992ba2e Use server's ClassLoader instead of application's when 
loading XMLInputFactory.
988992ba2e is described below

commit 988992ba2e9a8e2c3db47ac960c2fa6c3fc7a8a4
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Fri Mar 22 09:37:08 2024 -0400

    Use server's ClassLoader instead of application's when loading 
XMLInputFactory.
---
 java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++-
 webapps/docs/changelog.xml                            | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index bac9ade2ee..cf3b623104 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,7 +35,8 @@ class EncodingDetector {
 
     private static final XMLInputFactory XML_INPUT_FACTORY;
     static {
-        XML_INPUT_FACTORY = XMLInputFactory.newInstance();
+        XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
+                EncodingDetector.class.getClassLoader());
     }
 
     private final String encoding;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 341c3a6596..0eca891322 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -179,6 +179,11 @@
         and the web application is deployed as a WAR file rather than an
         unpacked directory. (markt)
       </fix>
+      <fix>
+        Prevent the web application's ClassLoader from being pinned by the JSP
+        compiler if an application uses a custom XMLInputFactory. Based upon a
+        suggestion from Simon Niederberger. (schultz)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to