The webrev with the changes is here: https://bugs.openjdk.java.net/browse/JDK-8210496
Mandy has already reviewed the CSR [1]. -Alan [1] https://bugs.openjdk.java.net/browse/JDK-8210522
Core reflection has a filtering mechanism to hide a number of fields
that are critical to security or the integrity of the runtime. It's a
bit of a band aid but it helps to reduce hacking on fields such as
java.lang.System.security and java.lang.Class.classLoder. I'd like to
extend the filters to hide a few additional fields from
integrity-sensitive (and non-serializable) classes in java.lang.reflect
and java.lang.invoke. There are of course a number of nasty hacks around
that might break due to this but these hacks would be broken anyway with
simple rename or other innocent refactoring (we had some of this during
JDK 11 when Mandy fixed JDK-8202113 for example).
- 8210496: Improve filtering for classes with security sensitiv... Alan Bateman
- Re: 8210496: Improve filtering for classes with security... Alan Bateman
- Re: 8210496: Improve filtering for classes with secu... Peter Levart
- Re: 8210496: Improve filtering for classes with ... Alan Bateman
- Re: 8210496: Improve filtering for classes w... mandy chung
- Re: 8210496: Improve filtering for classes with secu... mandy chung
