From 36ce18c4f4d80eb25bdc6c06965b14b1f7a2189a Mon Sep 17 00:00:00 2001
From: Radoslav Husar
Date: Tue, 3 Dec 2024 15:40:44 +0100
Subject: [PATCH] Fix SecuritySupport TCCL leak. (#411)
---
 .../smallrye/opentelemetry/api/SecuritySupport.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/api/src/main/java/io/smallrye/opentelemetry/api/SecuritySupport.java b/api/src/main/java/io/smallrye/opentelemetry/api/SecuritySupport.java
index 16e85f34..cc20a7a0 100644
--- a/api/src/main/java/io/smallrye/opentelemetry/api/SecuritySupport.java
+++ b/api/src/main/java/io/smallrye/opentelemetry/api/SecuritySupport.java
@@ -3,12 +3,18 @@
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-public class SecuritySupport {
+/**
+ * SecuritySupport for the io.smallrye.opentelemetry.api package.
+ *

+ * Do not move. Do not change class and method visibility to avoid being called from other
+ * {@link java.security.CodeSource}s, thus granting privilege escalation to external code.
+ */
+class SecuritySupport {
 private SecuritySupport() {
- throw new UnsupportedOperationException();
+ // Forbid inheritance!
 }
- public static ClassLoader getContextClassLoader() {
+ static ClassLoader getContextClassLoader() {
 if (System.getSecurityManager() == null) {
 return Thread.currentThread().getContextClassLoader();
 } else {
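Review bot: The new Javadoc on `SecuritySupport` presents package-private visibility as sufficient to keep other code sources out, but that holds only if no other code source can define classes in `io.smallrye.opentelemetry.api` under the same class loader. Whether the jar is sealed or shipped as a named module is not visible in this patch, so the precondition should be written down, for example `* Relies on this package being sealed (or in a named module) so that no other code source can add classes to it.` Separately, the `// Forbid inheritance!` comment in the private constructor is not enforced by the type, because the class is not final; `final class SecuritySupport {` would make the intent explicit now that the constructor no longer throws. The body of `getContextClassLoader()` continues past the end of the hunk, so the privileged branch itself is not reviewed here.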