On 19/12/2017 19:06, David Lloyd wrote:
> :
> It looks like they are using Unsafe for accessing fields, unless I've missed something (I'm looking at sun.corba.Bridge).

That's right, this hasn't changed. The issue is that legacy serialization is fundamentally incompatible with strong encapsulation. We did the minimum in JDK 9 (and 8uX) so that custom serialization libraries using Unsafe had a solution to work with modules. The IIOP implementation in the java.corba module was the guinea pig.

-Alan