On Thu, 13 Mar 2025 15:44:37 GMT, Maurizio Cimadamore <mcimadam...@openjdk.org> wrote:
>> Per Minborg has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 246 commits: >> >> - Merge branch 'master' into implement-jep502 >> - Clean up exception messages and fix comments >> - Rename field >> - Rename method and fix comment >> - Rework reenterant logic >> - Use acquire semantics for reading rather than volatile semantics >> - Add missing null check >> - Simplify handling of sentinel, wrap, and unwrap >> - Fix JavaDoc issues >> - Fix members in StableEnumFunction >> - ... and 236 more: https://git.openjdk.org/jdk/compare/4e51a8c9...d6e1573f > > src/java.base/share/classes/java/lang/StableValue.java line 339: > >> 337: * which would introduce security vulnerabilities. >> 338: * <p> >> 339: * As objects can be set via stable values but never removed, this can >> be a source > > It feels like this could probably be expanded upon -- also covering stable > functions (and morphed into a new section) I do not understand the comment. Each factory has a note on `Serializable` and now there is no general comment about security issues as per comments made earlier. Can you elaborate, please? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23972#discussion_r2004612892
