On 31/07/15 18:33, Jörg Schaible wrote: > there's a lot of talk about making sun.misc.Unsafe unaccessible in JDK 9 ... > however, there seems no replacement for the allocateInstance method. > > XStream is relying heavily on this functionality and without it the library > will no longer be able to deserialize a lot of objects from XML. What are > the long-term options?
In the long term we're going to need a more official way for non-core serialization to create uninitialized objects. I suspect it's more likely to look like sun.reflect.ReflectionFactory than Unsafe.allocateInstance. However, the security problems are great. I haven't heard any suggestion about how to expose this feature to user-created libraries without breaking Java security, and I suspect there may be none. Andrew.
