RFR: 8301220: Return value of toArray() of Сollection types from java.base should be trusted [v2]
Glavo
duke at openjdk.org
Sat Jan 28 14:36:15 UTC 2023
On Sat, 28 Jan 2023 09:05:04 GMT, Alan Bateman <alanb at openjdk.org> wrote:
> The proposals so far in this PR have major security implications. It's not clear to me this is the right PR to expand into defining a JDK internal notion of trusted collection. I don't wish to discourage contributors in this area but I think it would be better if this issue was owned by an experienced Committer in the area.
If there are senior OpenJDK developers willing to take over this issue, I would like to welcome them very much. But I am worried that this issue has been put on hold, so I still hope to continue to make some attempts before I am sure that someone will take over.
-------------
PR: https://git.openjdk.org/jdk/pull/12212
More information about the core-libs-dev
mailing list