rdblue commented on issue #16469: URL: https://github.com/apache/iceberg/issues/16469#issuecomment-4503413729
This requires a malicious catalog or the ability to modify table metadata. The result is that a class can be loaded, but will be rejected by casts immediately. Without being able to control data passed to the constructor, passed to configure the object, or to inject malicious classes, this is not a problem. I'm closing this because this is not a vulnerability and loading custom implementations is the intended behavior. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
