JDK-8229785 : MethodType::fromMethodDescriptorString should require security permission if loader is null
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.lang.invoke
  • Affected Version: 14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-08-15
  • Updated: 2019-09-26
  • Resolved: 2019-09-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 14
14 b14Fixed
Related Reports
CSR :  
Sub Tasks
JDK-8230819 :  
Description
MethodType::fromMethodDescriptorString default to use the system class loader in resolving classes per the given descriptor string if the loader parameter is null.

This API accesses to the system class loader on behalf of the caller should do a security permission check as ClassLoader::getSystemClassLoader. 
Comments
URL: https://hg.openjdk.java.net/jdk/jdk/rev/41f119856e7c User: mchung Date: 2019-09-10 17:36:09 +0000
10-09-2019

Review thread: https://mail.openjdk.java.net/pipermail/core-libs-dev/2019-September/062256.html
09-09-2019