Subject.getPrincipals(), getPublicCredentials(), getPrivateCredentials() are inherently unsafe

Roman Leventov leventov.ru at gmail.com
Wed Jan 1 18:25:36 UTC 2020


If somebody tries to iterate these collections concurrently with
modification in another thread, the consequences are undefined.

A possible fix is to use CopyOnWriteArrayList as SecureSet.elements field
instead of LinkedList.
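
The difference between the two list types, as an added example that is not part of the original post and not JDK code: a plain `LinkedList` and a `CopyOnWriteArrayList` stand in for the `SecureSet.elements` field, and one reader/writer interleaving is replayed deterministically in a single thread. The class name, method name and sample values are assumptions made for illustration.

```java
import java.util.ConcurrentModificationException;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

public class SnapshotIterationDemo {

    // Replays one interleaving deterministically: a reader obtains an iterator,
    // a writer then modifies the list, and the reader resumes iterating.
    static String iterateAcrossWrite(List<String> elements) {
        elements.add("principal-a"); // constructed sample values
        elements.add("principal-b");

        Iterator<String> reader = elements.iterator();
        String first = reader.next();

        // The step a second thread would perform between the reader's calls.
        elements.add("principal-c");
        elements.remove("principal-b");

        StringBuilder seen = new StringBuilder(first);
        try {
            while (reader.hasNext()) {
                seen.append(", ").append(reader.next());
            }
            return "reader saw [" + seen + "], list is now " + elements;
        } catch (ConcurrentModificationException e) {
            // LinkedList detects the change on a best-effort basis only; with real
            // unsynchronized threads even this exception is not guaranteed.
            return "reader failed after [" + seen + "] with "
                    + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println("LinkedList:           "
                + iterateAcrossWrite(new LinkedList<>()));
        System.out.println("CopyOnWriteArrayList: "
                + iterateAcrossWrite(new CopyOnWriteArrayList<>()));
    }
}
```

The `CopyOnWriteArrayList` iterator works on the array snapshot taken when it was created, so the reader finishes without error but does not observe the writer's changes.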