JDK-8230819 : Release Note: MethodType::fromMethodDescriptorString Requires "getClassLoader" Permission
- Type: Sub-task
- Component: core-libs
- Sub-Component: java.lang.invoke
- Affected Version: 14
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2019-09-10
- Updated: 2021-05-14
- Resolved: 2020-08-04
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 14 |
|---|
14Resolved  |
Description
`MethodType::fromMethodDescriptorString` has been changed in this release. When a security manager is present and the `loader` parameter is null, it performs a RuntimePermission("getClassLoader") security permission check. This check ensures that access to the system class loader is permitted.
Existing code that calls `MethodType.fromMethodDescriptorString(desc, null)` might get a `SecurityException` if access to the system class loader is denied. The security policy must be configured to grant the permission. Applications running without a security manager or with a non-null loader are not affected by this change.