https://bz.apache.org/bugzilla/show_bug.cgi?id=61572
--- Comment #7 from Axel Howind <[email protected]> --- Well, I think this should definitely be fixed. It's only a warning message, and I don't expect this to have any other side effects for the time being. But if you look at the discussions that took place during Java 9 development, the message is: we decided last minute to allow this illegal access to give library/software maintainers time to fix their codebase; we will disallow this access by default in the next major release of Java. (that's not citing, it's just what I recall from memory) So not fixing this is just waiting for failure when the next release comes out. I had looked into this some days ago. The code causing the issue seems to be some kind of hotfix to prevent DOS attacks by using manipulated files (files that contain zip bombs). To do this, an an InputStream field is read and wrapped via reflective access. There's even already a comment in the code that this will break in Java 9, and an explanation on how it should be fixed. The code lies on different paths, one of which seems to be relatively easy to fix. I think the other places are somewhat harder to fix. If I had the time, I'd try to produce a fix. Currently, that's not the case. But if noone else steps up, I hope I could do it before Java 10 GA. ;-) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
