[
https://issues.apache.org/jira/browse/LOG4J2-1563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15469276#comment-15469276
]
Gary Gregory commented on LOG4J2-1563:
--------------------------------------
Hi,
We now have:
{code:java}
try {
clazz = LoaderUtil.loadClass(className);
} catch (final ClassNotFoundException | NoClassDefFoundError e) {
return initializeClass(className);
} catch (final SecurityException e) {
return null;
}
{code}
Can you provide a comment for returning a null value?
Gary
> Log4j 2.6.2 can lose exceptions when a security manager is present
> ------------------------------------------------------------------
>
> Key: LOG4J2-1563
> URL: https://issues.apache.org/jira/browse/LOG4J2-1563
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.6.2
> Reporter: Jason Tedor
> Fix For: 2.7
>
> Attachments: throwable-proxy-security-exception-2.6.2.patch
>
>
> When Log4j is rendering an exception, it can attempt to load classes that it
> does not have permissions to load when a security manager is present.
> I have a patch and a failing test case for this; I will submit it shortly.
> This is the backport for LOG4J2-1560.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
