New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DateTimeZone should load it's provider in an AccessController.doPrivileged block #327
Comments
Happy to accept a PR as you are in a better position to test this than me. |
@jodastephen I'm with @s1monw at Elasticsearch. I opened #375 to address this issue so we can close out some user-reported bugs in Elasticsearch since we run under the security manager by default on our current stable releases (and will be non-optional in the next major release). Can we work together to get this integrated and have a version 2.9.4 released? 😄 |
The spec for the getResourceAsStream() does not indicate security manager issues, but the JDK typically wraps the code like this, so it seems reasonable. |
Thanks @jodastephen! Do you have a timeframe in mind for a patch release that contains #375 (and the additional code you added)? |
Done |
Thanks @jodastephen! |
In elasticsearch we run into a testing issue where due to security manager restrictions the default providers could not be loaded. elastic/elasticsearch#14524 The problem here is really that we can't grant the jar it's needed permissions since it doesn't use a
AccessController.doPrivileged block
to load the privider inhttps://github.com/JodaOrg/joda-time/blob/master/src/main/java/org/joda/time/DateTimeZone.java#L483 I am not sure if there are other places where stuff like this is loaded but there might be
The text was updated successfully, but these errors were encountered: