Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
all os
-
-
Yes
-
Empty show more show less
-
5.1.1
Description
The registration of BouncyCastleProvider in info.magnolia.license.KeyGenerator and info.magnolia.license.LicenseProcessor with "Security.addProvider(new BouncyCastleProvider());" is changing JVM-settings and therefore all WARs in an Appserver are seeing this registration and classes of BouncyCastle.
If another WAR wants to use another version of BouncyCastle this can lead to Classloader issues. The Provider is also not removed on WAR-undeploy -> Memory-Leak.
In a WAR "Security.addProvider()" should be never used, because of all side-effects for other WARs ->
Checklists
Acceptance criteria
Attachments
Issue Links
- clones
-
MAGNOLIA-5248 Memory-Leak/Classloader errors because BouncyCastleProvider is registered for all WARs
-
- Closed
-