[ https://issues.apache.org/jira/browse/GROOVY-10931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17745857#comment-17745857 ]
Daniel Sun commented on GROOVY-10931:
-------------------------------------

Hi Eric,

The $getLookup implementation can handle all JDKs in the same way, but it has its own flaw as you found, so I am very happy to see the improvement, but I do not understand how the improvement helps us avoid the illegal reflective warnings under pre-16 JDKs, so I went to check the output of the test build for JDK11 and found some warnings. Could you tweak the improvement further?

https://github.com/apache/groovy/actions/runs/5625969498/job/15245826217#step:6:309

> Task :groovy-datetime:testClasses
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v9.Java9 (file:/home/runner/work/groovy/groovy/build/libs/groovy-raw-5.0.0-SNAPSHOT.jar) to method sun.util.calendar.ZoneInfo.equals(java.lang.Object)

> Remove $getLookup method generation (Groovy 4+)
> -----------------------------------------------
>
> Key: GROOVY-10931
> URL: https://issues.apache.org/jira/browse/GROOVY-10931
> Project: Groovy
> Issue Type: Wish
> Components: class generator, Compiler
> Reporter: Eric Milles
> Assignee: Eric Milles
> Priority: Major
> Labels: invokedynamic, jdk16, jdk17
> Fix For: 5.0.0-alpha-1
>
>
> The new {{$getLookup()}} method was discussed somewhat in the comments of
> GROOVY-10273. Groovy 3 has had JEP 396 (illegal access enforcement) support
> backported to the invoke dynamic pathways, without {{$getLookup}}. So, I'd
> like to restart the discussion to find out if there are any illegal-access
> scenarios that Groovy 4 supports that don't have a test case in Groovy 3.
> And if there are no scenarios that remain, I'd like to propose the removal of
> {{$getLookup}} method generation.
> I have disabled its generation in the Groovy 5 codebase, and there are no
> tests that fail. So I have good confidence that it can be removed and the
> security hole can be plugged.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)