Initial feedback from Apache Ant users on recent security manager warning messages
Alan Bateman
Alan.Bateman at oracle.com
Mon Jun 28 18:51:57 UTC 2021
On 28/06/2021 18:16, Jaikiran Pai wrote:
>
> On a slightly related note, I was wondering why we decided to go with
> what appears to be a bit more aggressive approach to these warning
> messages as compared to what was done with the illegal reflective
> access warnings? I would have thought that the illegal reflective
> access changes would be much more involved if not the same level as
> moving away from setSecurityManager calls.
The typical SM setup will be to set it once, the Ant "same JVM" scenario
where it sets and then resets it may be unusual.
In any case, the original implementation patch did have caching to avoid
duplicates. It wasn't quite right and had to be pulled, it may be time
to re-visit that to avoid too much noise for code that sets it many times.
-Alan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210628/4836790e/attachment.htm>
More information about the security-dev
mailing list