On 14/09/2018 18:52, Alan Bateman wrote:
Core reflection has a filtering mechanism to hide a number of fields
that are critical to security or the integrity of the runtime. It's a
bit of a band aid but it helps to reduce hacking on fields such as
java.lang.System.security and java.lang.Class.classLoder. I'd like to
extend the filters to hide a few additional fields from
integrity-sensitive (and non-serializable) classes in
java.lang.reflect and java.lang.invoke. There are of course a number
of nasty hacks around that might break due to this but these hacks
would be broken anyway with simple rename or other innocent
refactoring (we had some of this during JDK 11 when Mandy fixed
JDK-8202113 for example).
The webrev with the changes is here:
https://bugs.openjdk.java.net/browse/JDK-8210496
Sorry, that is the JBS issue, the webrev is here:
http://cr.openjdk.java.net/~alanb/8210496/webrev/index.html
-Alan
