• script-security 1.5 introduced "Additional classpath".
• Those classpaths require administrators' approval.
• Class directories are valid for "Additional classpath".
• Once class directories are appoved, adding or replacing files in sub directories of those class directories no longer require approval.
• This should allow users to use classes that administrators doesn't want to allow.

Possible resolution:

• Don't allow class directories for "Additional classpath"
  • This doesn't cause critical regressions as it is easy to create jar file from class directories.
• When a class directory is specified, check all files in the class directory.
• Leave this as a limitation.

I'll add a test and send a pull request to see this behavior.