db-jdo-dev mailing list archives

From Andy Jefferson <a...@datanucleus.org>
Subject Re: Security issue with generated classes
Date Mon, 28 Jul 2008 06:17:50 GMT
Hi Craig,

> I looked at the datanucleus implementation and found that I'm totally
> not qualified to propose a patch. I found the code that needs to be
> changed in org/datanucleus/enhancer/bcel/method/
> JdoReplaceStateManager.java and org/datanucleus/enhancer/asm/method/
> JdoReplaceStateManager.java but that's as far as I could get without
> knowing asm, bcel, and byte-codes.

The ASM-based enhancer is now updated to match the current spec.

The BCEL-based enhancer is not updated since strategic direction is using ASM  
(and the TCK uses ASM). There's a DataNucleus JIRA and a TODO for  
implementing using BCEL if anyone has the time/motivation.

The original code for that method was written for JDO 1.0.0 and never changed  
since seemingly.

Andy  (DataNucleus - http://www.datanucleus.org)
