On Mon, 15 Nov 2021 07:33:00 GMT, Martin Grigorov <d...@openjdk.java.net> wrote:

>> Mandy Chung has updated the pull request with a new target base due to a 
>> merge or a rebase. The pull request now contains 43 commits:
>> 
>>  - fix copyright header and typo
>>  - improve documentation of AccessorUtils
>>  - Merge branch 'master' of https://github.com/openjdk/jdk into 
>> reimplement-method-invoke
>>  - Fall back to the VM native reflection support if method handle cannot be 
>> created
>>  - fix bug id in test
>>  - Merge
>>  - Merge branch 'master' of https://github.com/openjdk/jdk into 
>> reimplement-method-invoke
>>  - Merge branch 'master' of https://github.com/openjdk/jdk into 
>> reimplement-method-invoke
>>  - Separate paramFlgas into paramCount and flags fields
>>  - Minor cleanup.  Improve javadoc in CallerSensitiveAdapter
>>  - ... and 33 more: 
>> https://git.openjdk.java.net/jdk/compare/9a3e9542...46cb306b
>
> I have already fixed our build with 
> https://github.com/apache/wicket/commit/191de985e22b9e0801d5783fbcfa151a25d29ec8
>  and 
> https://github.com/apache/wicket/commit/128125f25c33a4d886386291f24ffe2d195007ac
> Depending on your decision whether to make it possible again to drop `final` 
> for `static` fields I will either revert these changes or not.
> The main purpose of my report is to let you know about this "regression".

@martin-g Thanks for reporting this. Appreciated.

JEP 416 makes `java.lang.reflect` classes *trusted*, which reveals this other 
attempt to change the value of the private final `Field::modifiers` field via 
reflection.  Since JDK 12, after 
https://bugs.openjdk.java.net/browse/JDK-8210496, all security-sensitive 
fields in `Field` and other `java.lang.reflect` classes are filtered from 
reflective access.  In other words, since Java 12, `Field::modifiers` cannot 
be found through reflection and hence it can't be used to change the value of 
the modifiers of a field.  The implementation of JEP 416 hardens the 
restriction further.  To drop `final` from the modifiers, one should look into 
using an instrumentation agent, as Alan suggests.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5027
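
A small probe for the behaviour described in the reply above, added here as an illustration and not taken from the JDK, the pull request or Wicket. The class `ModifiersFilterProbe`, the nested `Config` class and its `MODE` field are constructed for the example; it reports whether the running JDK filters `Field::modifiers` from reflection and whether `Field.set` still refuses to write a `static final` field.

```java
import java.lang.reflect.Field;

public class ModifiersFilterProbe {

    // Constructed sample target: a static final field that must stay immutable.
    static final class Config {
        private static final String MODE = new String("strict");
    }

    /** True when Field's own "modifiers" field is hidden from reflective lookup. */
    static boolean modifiersFieldFiltered() {
        try {
            Field.class.getDeclaredField("modifiers");
            return false;              // lookup succeeded: no reflection filter
        } catch (NoSuchFieldException e) {
            return true;               // filtered, as the reply describes for JDK 12+
        }
    }

    /** True when Field.set rejects a static final field even after setAccessible(true). */
    static boolean staticFinalWriteRejected() throws ReflectiveOperationException {
        Field f = Config.class.getDeclaredField("MODE");
        f.setAccessible(true);         // suppresses access checks, not finality
        try {
            f.set(null, "relaxed");
            return false;
        } catch (IllegalAccessException e) {
            return true;
        }
    }

    /** Reads the current value reflectively so the probe can confirm it is unchanged. */
    static String currentMode() throws ReflectiveOperationException {
        Field f = Config.class.getDeclaredField("MODE");
        f.setAccessible(true);
        return (String) f.get(null);
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        System.out.println("java.version             = " + System.getProperty("java.version"));
        System.out.println("Field.modifiers filtered = " + modifiersFieldFiltered());
        System.out.println("static final write denied = " + staticFinalWriteRejected());
        System.out.println("Config.MODE               = " + currentMode());
    }
}
```

Running this in a build or test job on each target JDK shows whether code that relied on the old `modifiers` lookup needs to move to another approach, such as the instrumentation agent mentioned in the reply.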
