As commented on https://extranet.atlassian.com/display/~don.willis@atlassian.com/2010/10/07/Confluence+Modz+Detector+Epic+FAIL?focusedCommentId=1912964735#comment-1912964735 Modz detector will pull into memory anything it loads using Tomcat's classloader, which Tomcat will then dutifully hold onto for all time. Confluence might be vulnerable to this, so we need to investigate.

Note that we only configure a modz detector hash (using a maven plugin) inside the confluence distribution build, but there's a commented out copy of that config in the main build, so reproducing this in dev should be straight forward (but double check that the commented out config is up to date!).