Ok, so to sum up this is what I've gathered. Here is my hypothetical situation. I have a .war running in production. This war embeds an oracle driver in its WEB-INF/lib. Middleware discovers that there is a security vulnerability in this oracle driver and need to do an emergency upgrade of the database driver to a new patch version. My options are:
1. Modify the .war or the exploded .war deleting the old oracle driver and replacing the new one. 2. Involve developers and release management to create a new version of the tag and do a new build. Assuming that my build and release management processes are mature enough to do this and that the .war isn't a thirdparty .war 3. Perhaps modify the tomcat startup scripts to add the new oracle driver to the system classloader? Does anyone see any other options? What are people's thoughts on these options? I personally don't like any of the options. Here are a couple of solutions that I might like a little more. I'd be curious if anyone likes any of these. 1. modify the tomcat startup scripts to provide a standard hook for adding to the system classloader (CATALINA_CLASSPATH)??? 2. Add an optional Classloader similar to the common.loader that is positioned between the system loader and the webapp loader. This loader could be configured the same way the common.loader is configured through a catalina.properties property? Thoughts? Mike -- View this message in context: http://old.nabble.com/Classloader-between-Web-application-and-system-loader-tp27154908p27169031.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
