RFR: 8338536: Permanently disable remote code downloading in JNDI [v3]
Daniel Fuchs
dfuchs at openjdk.org
Wed Nov 20 11:36:42 UTC 2024
On Tue, 19 Nov 2024 20:33:35 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
>> Aleksei Efimov has updated the pull request incrementally with one additional commit since the last revision:
>>
>> clarify factory location usages in NamingManager and jdk.naming.rmi module-info
>
> src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java line 262:
>
>> 260: }
>> 261:
>> 262: worker = new Thread(this);
>
> Rataining a static factory for thread may use useful to be able to customize thread behavior.
>
> It should be considered that the new threads are Virtual threads:
> i.e. `Thread.ofVirtual().startVirtualThread(Runnable)`
This is a good point but orthogonal to the issue we're fixing here. If we decide to change the implementation to use VirtualThread it may have some impact, such as read/receive becoming interruptible. So I believe this kind of enhancement should be carried in their own PR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22154#discussion_r1850154290
More information about the core-libs-dev
mailing list