(tomcat) branch 9.0.x updated: Use server's ClassLoader instead of application's when loading XMLInputFactory.

Fri, 22 Mar 2024 06:38:42 -0700 

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new a2167e13c1 Use server's ClassLoader instead of application's when 
loading XMLInputFactory.
a2167e13c1 is described below

commit a2167e13c19115aecd220cd3be19d43d36126f3b
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Fri Mar 22 09:37:08 2024 -0400

    Use server's ClassLoader instead of application's when loading 
XMLInputFactory.
---
 java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++-
 webapps/docs/changelog.xml                            | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java 
b/java/org/apache/jasper/compiler/EncodingDetector.java
index bac9ade2ee..cf3b623104 100644
--- a/java/org/apache/jasper/compiler/EncodingDetector.java
+++ b/java/org/apache/jasper/compiler/EncodingDetector.java
@@ -35,7 +35,8 @@ class EncodingDetector {
 
     private static final XMLInputFactory XML_INPUT_FACTORY;
     static {
-        XML_INPUT_FACTORY = XMLInputFactory.newInstance();
+        XML_INPUT_FACTORY = 
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
+                EncodingDetector.class.getClassLoader());
     }
 
     private final String encoding;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a3f4eb131f..b36849fec5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -150,6 +150,11 @@
         and the web application is deployed as a WAR file rather than an
         unpacked directory. (markt)
       </fix>
+      <fix>
+        Prevent the web application's ClassLoader from being pinned by the JSP
+        compiler if an application uses a custom XMLInputFactory. Based upon a
+        suggestion from Simon Niederberger. (schultz)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to