https://bz.apache.org/bugzilla/show_bug.cgi?id=59661
--- Comment #9 from Michael Osipov <1983-01...@gmx.net> --- (In reply to Mark Thomas from comment #8) > I'm -1 on the patch as proposed. It allows the bypassing of the > SecurityManager to access any system property. I've no objection to the > system properties listed in Annex A of the JavaMail spec being explicitly > copied across to be used as defaults where defined. The problem with copying is that you may missed custom attributes for custom providers. Though, being an edge cases, still valid. The other point is that if your Mail does not have a Session associated, Transport with create a default one with the System Properties set. Deating your security concern by default. Have a look at the source code and you will see it. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
