Behavioral change:
- Scanning of remote jars (at
http://
orhttps://
URLs on the classpath) is now disabled by default, for security reasons (sinceClassInfo#loadClass()
could then be loading bytecodes from an unsecure origin). You can re-enable scanning of remote jars using.enableRemoteJarScanning()
before.scan()
. (This should only affect a tiny number of users, so I didn't bump the version number to 4.8.0.)
Bugfix:
- Fix WildFly classpath detection (#287, thanks to @sorontur for the report and testcase project) -- module jars were previously not being detected in WildFly projects.
- Note that this could trigger a major performance regression in WildFly projects, since some WildFly projects include over 1600 module dependencies, and these were not being found previously. You should use package whitelisting and/or jar whitelisting to fix this.