--- old/src/share/classes/com/sun/jndi/ldap/VersionHelper.java	2014-07-25 13:53:59.000000000 +0100
+++ new/src/share/classes/com/sun/jndi/ldap/VersionHelper.java	2014-07-25 13:53:59.000000000 +0100
@@ -27,10 +27,15 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import sun.misc.SharedSecrets;
+import java.net.URLClassLoader;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
-abstract class VersionHelper {
+public class VersionHelper {
 
-    private static final VersionHelper helper = new VersionHelper12();
+    private static final VersionHelper helper = new VersionHelper();
 
     VersionHelper() {} // Disallow anyone from creating one of these.
 
@@ -38,8 +43,20 @@
         return helper;
     }
 
-    abstract ClassLoader getURLClassLoader(String[] url)
-        throws MalformedURLException;
+    ClassLoader getURLClassLoader(String[] url)
+        throws MalformedURLException {
+        ClassLoader parent = getContextClassLoader();
+        /*
+         * Classes may only be loaded from an arbitrary URL code base when
+         * the system property com.sun.jndi.ldap.object.trustURLCodebase
+         * has been set to "true".
+         */
+        if (url != null && trustURLCodebase) {
+            return URLClassLoader.newInstance(getUrlArray(url), parent);
+        } else {
+            return parent;
+        }
+    }
 
 
     static protected URL[] getUrlArray(String[] url) throws MalformedURLException {
@@ -50,7 +67,36 @@
         return urlArray;
     }
 
-    abstract Class<?> loadClass(String className) throws ClassNotFoundException;
+    Class<?> loadClass(String className) throws ClassNotFoundException {
+        return Class.forName(className, true, getContextClassLoader());
+    }
+
+    Thread createThread(Runnable r) {
+        AccessControlContext acc = AccessController.getContext();
+        // 4290486: doPrivileged is needed to create a thread in
+        // an environment that restricts "modifyThreadGroup".
+        PrivilegedAction<Thread> act =
+                () -> SharedSecrets.getJavaLangAccess().newThreadWithAcc(r, acc);
+        return AccessController.doPrivileged(act);
+    }
+
+    private ClassLoader getContextClassLoader() {
+        PrivilegedAction<ClassLoader> act =
+                Thread.currentThread()::getContextClassLoader;
+        return AccessController.doPrivileged(act);
+    }
 
-    abstract Thread createThread(Runnable r);
+    /**
+     * Determines whether classes may be loaded from an arbitrary URL code base.
+     */
+    private static final boolean trustURLCodebase;
+
+    static {
+        // System property to control whether classes may be loaded from an
+        // arbitrary URL code base
+        PrivilegedAction<String> act =
+                () -> System.getProperty("com.sun.jndi.ldap.object.trustURLCodebase", "false");
+        String trust = AccessController.doPrivileged(act);
+        trustURLCodebase = "true".equalsIgnoreCase(trust);
+    }
 }