On Thu, 6 Apr 2023 16:15:16 GMT, Johannes Kuhn <jk...@openjdk.org> wrote:
>> I'm not sure how the example shows that this is a security vulnerability? It >> still works fine without the call to `isWrapperInstance` (even if you switch >> to using jdk.internal.misc.Unsafe.class, although that also requires >> `--add-exports` when compiling) > > Sorry, you are supposed to run it with an installed `SecurityManager` of > course. > With an installed `SecurityManager` you should not be able to access classes > in `sun.misc`. Guess I will just nuke the annotation and check for its implemented clause instead. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1160016503
