mirror of
https://github.com/lightbend/config.git
synced 2025-03-23 15:50:25 +08:00
fe85a7d9e7
This PR avoids the use of `Class#newInstance`, which is deprecated in Java 9. In particular, previously you could set the `config.strategy` system to an arbitrary class that would get instantiated even if it was not a subclass of `ConfigLoadingStrategy`. This is now checked before instantiating the class. The previous behavior could arguably be considered a security concern when an attacker has write access to system properties, though in such a scenario there are likely many other ways to load arbitrary code. |
||
|---|---|---|
| .. | ||
| src | ||
| .gitignore | ||
| checkstyle-config.xml | ||
| checkstyle-suppressions.xml | ||