RFR: 8324646: Avoid Class.forName in SecureRandom constructor [v2]
Aleksey Shipilev
shade at openjdk.org
Wed Jan 24 18:20:25 UTC 2024
On Wed, 24 Jan 2024 17:57:46 GMT, Oli Gillespie <ogillespie at openjdk.org> wrote:
> Aside: The classes saved here are limited to the 31 explicitly added in Provider.<clinit>. I'm not sure if that helps limit the leak potential significantly?
True. Might not even be an issue in practice.
I think the argument for keeping the code in pre-JDK-8280970 form is a good move for future backports.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17559#discussion_r1465367371
More information about the security-dev
mailing list