RFR: 8301220: Return value of toArray() of Collection types from java.base should be trusted [v2]
Alan Bateman
alanb at openjdk.org
Sat Jan 28 09:08:15 UTC 2023
On Fri, 27 Jan 2023 21:02:25 GMT, Glavo <duke at openjdk.org> wrote:
> I think this is feasible, but it should be placed in a sub-package in `jdk.internal`, because some trusted collections are outside `java.util`.
The proposals so far in this PR have major security implications. It's not clear to me this is the right PR to expand into defining a JDK internal notion of trusted collection. I don't wish to discourage contributors in this area but I think it would be better if this issue was owned by an experienced Committer in the area.
-------------
PR: https://git.openjdk.org/jdk/pull/12212