-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MailcapCommandMap requires accessDeclaredMembers when Security Manager is enabled #100
Comments
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=github-actions[bot] a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=npepinpe a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=npepinpe a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
zeebe-bors-camunda bot
added a commit
to camunda/camunda
that referenced
this issue
Nov 21, 2023
15315: deps(maven): Update dependency jakarta.activation:jakarta.activation-api to v2.1.2 (main) r=npepinpe a=renovate[bot] [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jakarta.activation:jakarta.activation-api](https://togithub.com/jakartaee/jaf-api) | `2.1.0` -> `2.1.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/jakarta.activation:jakarta.activation-api/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/jakarta.activation:jakarta.activation-api/2.1.0/2.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>jakartaee/jaf-api (jakarta.activation:jakarta.activation-api)</summary> ### [`v2.1.2`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.2): Jakarta Activation 2.1.2 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.1...2.1.2) The 2.1.2 release is a bug fix release of 2.1.x (Jakarta EE 10). Following changes are included: - fix wrong class file version for package-info - add missing javadoc description for MimeTypeEntry getters **Full Changelog**: jakartaee/jaf-api@2.1.1...2.1.2 ### [`v2.1.1`](https://togithub.com/jakartaee/jaf-api/releases/tag/2.1.1): Jakarta Activation 2.1.1 Final Release [Compare Source](https://togithub.com/jakartaee/jaf-api/compare/2.1.0...2.1.1) The 2.1.1 release is a bug fix release of 2.1.0. Following changes are included: - [jakartaee/jaf-api#93 - Use OSGi service loader mediator - [jakartaee/jaf-api#94 - Loading of service provider implementations needs to be done under doPrivileged - [jakartaee/jaf-api#100 - Avoid requiring accessDeclaredMembers permissions #### New Contributors - [`@​yersan](https://togithub.com/yersan)` made their first contribution in [jakartaee/jaf-api#95 **Full Changelog**: jakartaee/jaf-api@2.1.0...2.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
As part of this commit
MailcapCommandMap:620
was modified and now the invoker application requiresaccessDeclaredMembers
permission when running under the SecurityManager. This permission is now required because the class that represents the mime type data content handler is being loaded by using:cl.getDeclaredConstructor().newInstance()
Which will require the
accessDeclaredMembers
permission to load any available constructor regardless of the constructor's access level. However, this piece of code is only dealing with public constructors because the new instance is executed immediately without taking into account the constructor visibility.To avoid breaking existing applications that are being moved to Jakarta 10,
MailcapCommandMap:620
can be replaced withcl.getConstructor().newInstance();
and get the same result without requiring this additional permission.To Reproduce
Deploy a servlet that sends an email with the security manager enabled:
The following is the error trace of the issue:
Expected behavior
I wouldn't expect to have to add this permission to load an expected class that will handle the mime type.
The text was updated successfully, but these errors were encountered: