RFR JDK-8229785: MethodType::fromMethodDescriptorString should require security permission if loader is null
Vicente Romero
vicente.romero at oracle.com
Mon Sep 9 21:46:38 UTC 2019
Looks good,
Vicente
On 9/9/19 5:03 PM, Mandy Chung wrote:
> MethodType::fromMethodDescriptorString defaults to using the system class
> loader in resolving classes per the given descriptor string if the
> loader parameter is null. Since this method accesses the system class
> loader on behalf of the caller, it should do a security permission
> check as ClassLoader::getSystemClassLoader.
>
> Webrev:
> http://cr.openjdk.java.net/~mchung/jdk14/8229785/webrev.00/
> CSR:
> https://bugs.openjdk.java.net/browse/JDK-8230777
>
> Thanks
> Mandy
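
The behaviour described in the quoted message, as an added example that is not part of this thread or of the JDK sources: it compares an explicit loader with a null loader while a security manager refuses `RuntimePermission("getClassLoader")`. It assumes a JDK 14 to 17 runtime that includes this change and still allows a security manager to be installed at run time; the class names `NullLoaderPermissionDemo` and `DenyGetClassLoader` and the sample descriptor are constructed for the illustration.

```java
import java.lang.invoke.MethodType;
import java.security.Permission;

public class NullLoaderPermissionDemo {

    // Constructed policy for the demo: refuse only RuntimePermission("getClassLoader").
    static final class DenyGetClassLoader extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission && "getClassLoader".equals(perm.getName())) {
                // Constant message: no string concatenation inside the check itself.
                throw new SecurityException("getClassLoader denied");
            }
            // Everything else is allowed so the demo can remove the manager again.
        }
    }

    /** Returns true if resolving the descriptor with this loader is refused. */
    static boolean isRefused(String descriptor, ClassLoader loader) {
        try {
            MethodType.fromMethodDescriptorString(descriptor, loader);
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        String descriptor = "(I)Ljava/lang/String;";   // sample descriptor: String m(int)
        // Obtain the explicit loader before the restrictive manager is installed.
        ClassLoader explicit = NullLoaderPermissionDemo.class.getClassLoader();

        boolean explicitRefused;
        boolean nullRefused;
        System.setSecurityManager(new DenyGetClassLoader());
        try {
            explicitRefused = isRefused(descriptor, explicit);  // caller supplied its own loader
            nullRefused = isRefused(descriptor, null);          // method falls back to the system loader
        } finally {
            System.setSecurityManager(null);   // restore before doing any further work
        }

        System.out.println("explicit loader refused: " + explicitRefused);
        System.out.println("null loader refused:     " + nullRefused);
    }
}
```

Code that already holds the loader it wants should pass it explicitly, so the result does not depend on whether the caller has been granted `getClassLoader`.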