RFR JDK-8229785: MethodType::fromMethodDescriptorString should require security permission if loader is null
Mandy Chung
mandy.chung at oracle.com
Mon Sep 9 21:03:35 UTC 2019
MethodType::fromMethodDescriptorString default to use the system class
loader in resolving classes per the given descriptor string if the
loader parameter is null. Since this method accesses the system class
loader on behalf of the caller, it should do a security permission
check as ClassLoader::getSystemClassLoader.
Webrev:
http://cr.openjdk.java.net/~mchung/jdk14/8229785/webrev.00/
CSR:
https://bugs.openjdk.java.net/browse/JDK-8230777
Thanks
Mandy
More information about the core-libs-dev
mailing list