From fdf340306dc337e1de575ce40fc0c80e439679e3 Mon Sep 17 00:00:00 2001
From: Juergen Hoeller
Date: Tue, 9 Oct 2018 23:14:05 +0200
Subject: [PATCH] Defensively use Class.forName instead of ClassLoader.loadClass

Issue: SPR-17333
---
 .../src/main/java/org/springframework/util/ClassUtils.java | 4 ++--
 .../main/java/org/apache/commons/logging/LogAdapter.java | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/spring-core/src/main/java/org/springframework/util/ClassUtils.java b/spring-core/src/main/java/org/springframework/util/ClassUtils.java
index b10f7f8d53c..6fe5907907c 100644
--- a/spring-core/src/main/java/org/springframework/util/ClassUtils.java
+++ b/spring-core/src/main/java/org/springframework/util/ClassUtils.java
@@ -272,7 +272,7 @@ public abstract class ClassUtils {
 clToUse = getDefaultClassLoader();
 }
 try {
- return (clToUse != null ? clToUse.loadClass(name) : Class.forName(name));
+ return Class.forName(name, false, clToUse);
 }
 catch (ClassNotFoundException ex) {
 int lastDotIndex = name.lastIndexOf(PACKAGE_SEPARATOR);
@@ -280,7 +280,7 @@ public abstract class ClassUtils {
 String innerClassName =
 name.substring(0, lastDotIndex) + INNER_CLASS_SEPARATOR + name.substring(lastDotIndex + 1);
 try {
- return (clToUse != null ? clToUse.loadClass(innerClassName) : Class.forName(innerClassName));
+ return Class.forName(innerClassName, false, clToUse);
 }
 catch (ClassNotFoundException ex2) {
 // Swallow - let original exception get through
diff --git a/spring-jcl/src/main/java/org/apache/commons/logging/LogAdapter.java b/spring-jcl/src/main/java/org/apache/commons/logging/LogAdapter.java
index db750ecadbb..51a74cec539 100644
--- a/spring-jcl/src/main/java/org/apache/commons/logging/LogAdapter.java
+++ b/spring-jcl/src/main/java/org/apache/commons/logging/LogAdapter.java
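Review bot: In the first ClassUtils.java hunk, the case where `clToUse` is still null after `getDefaultClassLoader()` changes meaning without any comment: the removed fallback `Class.forName(name)` resolved through the calling class's loader and initialized the class, while `Class.forName(name, false, clToUse)` with a null loader asks the bootstrap loader and does not initialize. The same applies to the inner-class retry in the second ClassUtils.java hunk (`Class.forName(innerClassName, false, clToUse)`). If that is intended, a comment above the first call would record it, for example `// initialize=false: resolve only, no static initializers run; a null clToUse means the bootstrap loader`. The enclosing method starts before and ends after both hunks, so its Javadoc is not visible here and should be checked for wording that still describes the old fallback.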
@@ -42,19 +42,19 @@ final class LogAdapter {
 ClassLoader cl = LogAdapter.class.getClassLoader();
 try {
 // Try Log4j 2.x API
- cl.loadClass("org.apache.logging.log4j.spi.ExtendedLogger");
+ Class.forName("org.apache.logging.log4j.spi.ExtendedLogger", false, cl);
 logApi = LogApi.LOG4J;
 }
 catch (ClassNotFoundException ex1) {
 try {
 // Try SLF4J 1.7 SPI
- cl.loadClass("org.slf4j.spi.LocationAwareLogger");
+ Class.forName("org.slf4j.spi.LocationAwareLogger", false, cl);
 logApi = LogApi.SLF4J_LAL;
 }
 catch (ClassNotFoundException ex2) {
 try {
 // Try SLF4J 1.7 API
- cl.loadClass("org.slf4j.Logger");
+ Class.forName("org.slf4j.Logger", false, cl);
 logApi = LogApi.SLF4J;
 }
 catch (ClassNotFoundException ex3) {
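Review bot: The three probes in this LogAdapter.java hunk repeat the same `Class.forName(<name>, false, cl)` call inside three levels of nested try/catch, and nothing at the call sites records why `forName` with `initialize=false` is used instead of `cl.loadClass`. A small private helper returning a boolean would keep the loader choice and the no-initialization flag in one commented place, and would flatten the nesting into an if/else chain with the same precedence. The enclosing block starts before the hunk and the innermost catch body runs past it, so the final fallback is left as it is in the sketch below.

```java
private static boolean isPresent(String className) {
	try {
		// initialize=false: presence check only, static initializers of the probed class do not run.
		// Class.forName also accepts a null loader (bootstrap), unlike a direct cl.loadClass call.
		Class.forName(className, false, LogAdapter.class.getClassLoader());
		return true;
	}
	catch (ClassNotFoundException ex) {
		return false;
	}
}

// … unchanged: code before the probes …
if (isPresent("org.apache.logging.log4j.spi.ExtendedLogger")) {
	// Try Log4j 2.x API
	logApi = LogApi.LOG4J;
}
else if (isPresent("org.slf4j.spi.LocationAwareLogger")) {
	// Try SLF4J 1.7 SPI
	logApi = LogApi.SLF4J_LAL;
}
else if (isPresent("org.slf4j.Logger")) {
	// Try SLF4J 1.7 API
	logApi = LogApi.SLF4J;
}
// … unchanged: fallback when none of the three is found …
```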