You are viewing a plain text version of this content. The canonical link for it is here.
Posted to batik-dev@xmlgraphics.apache.org by "Jim Garrison (JIRA)" <ji...@apache.org> on 2013/06/20 22:58:22 UTC
[jira] [Created] (BATIK-1048) BATIK includes signed classes from
commons-io causing security conflicts
Jim Garrison created BATIK-1048:
-----------------------------------
Summary: BATIK includes signed classes from commons-io causing security conflicts
Key: BATIK-1048
URL: https://issues.apache.org/jira/browse/BATIK-1048
Project: Batik
Issue Type: Bug
Affects Versions: 1.6
Reporter: Jim Garrison
batik-pdf includes, embedded within it, some classes from org.apache.commons.io, specifically CopyUtils and IOUtils. The jar file is signed. When this jar file is used in a system that also includes the unsigned commons-io.jar it is possible to get a SecurityException because the JVM may try to load one of these classes from the unsigned jar after having loaded the other one from Batik's jar. I think this problem is exacerbated by OSGi.
In any event, commons-io should be a dependency, NOT partially embedded in batik-pdf. If you must embed it, then change the package name so it does not conflict.
See also https://bugs.eclipse.org/bugs/show_bug.cgi?id=363903 -- the real issue is here in the batik-pdf jar file (and possibly in other Batik jar files as well).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-help@xmlgraphics.apache.org