RFR JDK-8229785: MethodType::fromMethodDescriptorString should require security permission if loader is null

Mandy Chung mandy.chung at oracle.com
Mon Sep 9 21:03:35 UTC 2019


MethodType::fromMethodDescriptorString default to use the system class
loader in resolving classes per the given descriptor string if the
loader parameter is null.  Since this method accesses the system class
loader on behalf of the caller, it should do a security permission
check as ClassLoader::getSystemClassLoader.

Webrev:
    http://cr.openjdk.java.net/~mchung/jdk14/8229785/webrev.00/
CSR:
    https://bugs.openjdk.java.net/browse/JDK-8230777

Thanks
Mandy


More information about the core-libs-dev mailing list