implement the API in the Rhino core. Details are available <ahref="rhino15R4-debugger.html">here</a>. With the new API <ahref="debugger.html">Rhino Debugger</a> provides options to break on function enter/exit, can debug scripts defined by eval and Function construction and scripts loaded prior the debugger were started.
A design flaw in the WrapHandler interface (a call to a Java contructor from
JavaScript would result in a call to wrap the result, which would then be
cast to a Scriptable) inspired the deprecation of that interface and the
introduction of a new class, WrapFactory, that contains a new method called
on the result of a constructor call and can be customized by application if necessary.
<p>
In addition, WrapFactory has the new <tt>setJavaPrimitiveWrap</tt> method to control if instances of Java <tt>String</tt> and <tt>Number</tt> class should be wrapped to special script objects as any other Java objects so a script can access any method <tt>String</tt> and <tt>Number</tt>, or they should be converted to JavaScript primitive strings and numbers.
Igor Bukanov contributed a new security implementation that allows integration with Java2 security model and prevents scripts to escape the security sandbox via eval/Function schemes.
Due to this changes SecuritySupport interface is replaced by ClassShutter and SecurityController, where ClassShutter controls which classes are visible to scripts via LiveConnect and SecurityController provides permission management. For compatibility SecuritySupport is still available as a deprecated interface but only its visibleToScripts method is used as an alias for ClassShutter.visibleToScripts. See API documentation for new classes for details.
<p>
An implementation of SecurityController that uses java policy settings to restrict script permissions based on its URL is available with Rhino shell. See the <ahref="http://lxr.mozilla.org/mozilla/source/js/rhino/toolsrc/org/mozilla/javascript/tools/shell/JavaPolicySecurity.java">JavaPolicySecurity</a> source for details. To activate it, set the <tt>rhino.use_java_policy_security</tt> system property to true when invoking Rhino shell together with installing a security manager.
Due to changes in Rhino implementation and bug fixes in serialization support runtime data serialized in Rhino 1.5 Release 3 can not be read back in the Release 4.
<h3>Scripting of classes from any class loader</h3>
Christopher Oliver contributed code to allow to use the <tt>Packages</tt> object as a constructor taking a class loader argument so a script can access classes defined by that class loader. For example, to access classes from foo.jar file in the current directory, the following can be used:
<pre>
// create class loader
var loader = new java.net.URLClassLoader([new java.net.URL("file:./foo.jar")]);
// create its LiveConnect wrapper
var fooJar = new Packages(loader);
// create an instance of the class For from foo.jar
A new <tt>runCommand</tt> function is added to <ahref="shell.html">Rhino Shell</a> to run external priocesses. For details, see JavaDoc for <ahref="http://lxr.mozilla.org/mozilla/source/js/rhino/toolsrc/org/mozilla/javascript/tools/shell/Global.java">org.mozilla.javascript.tools.shell.Global#runCommand</a>.
