Fix inconsistent ClassLoader usage between class presence check and actual class loading#3588
Open
linw-bai wants to merge 11 commits intoredis:mainfrom
Open
Fix inconsistent ClassLoader usage between class presence check and actual class loading#3588linw-bai wants to merge 11 commits intoredis:mainfrom
linw-bai wants to merge 11 commits intoredis:mainfrom
Conversation
…ctual class loading Fix inconsistent ClassLoader usage between class presence check and actual class loading
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix inconsistent ClassLoader usage between class presence check and actual class loading
Background
LettuceClassUtils#getDefaultClassLoader() currently returns the Thread Context ClassLoader (TCCL) when available.
However, LettuceClassUtils#isPresent(...) relies on this method to check class existence, while the actual class loading is later performed using the ClassLoader of LettuceClassUtils itself.
This leads to an inconsistent ClassLoader strategy:
In environments with multiple ClassLoaders (e.g. OSGi, Servlet containers, shaded applications, plugin systems), this can cause:
This is a classic false-positive detection issue caused by mismatched ClassLoaders.
Root Cause
The root problem is that:
So the class existence check is not aligned with the loader that actually loads the class.
Solution
This PR makes the ClassLoader strategy consistent by:
Note
Medium Risk
Changes the default ClassLoader selection to always use
LettuceClassUtils’ defining loader, which can affect environments that relied on the thread context ClassLoader for resolution. Risk is limited in scope but may alter class discovery/loading behavior in modular/container setups.Overview
Fixes a mismatch in
LettuceClassUtilswhereisPresent(...)could report a class as available using one ClassLoader while subsequent loading used another.getDefaultClassLoader()is simplified to always returnLettuceClassUtils.class.getClassLoader(), ensuring class presence checks and actual loading use the same loader and avoiding false-positiveisPresent(...)results in multi-ClassLoader environments.Written by Cursor Bugbot for commit 3015e7c. This will update automatically on new commits. Configure here.