- Enhancement
- Resolution: Unresolved
- P2
The core reflection API is caller-sensitive and bypasses the security check if the caller's class loader is an ancestor of the defining class loader of the returned class.
java.io.ObjectStreamClass.forClass and java.io.ObjectStreamField.getType are made @CallerSensitive and perform the same package access check as the core reflection API before they return the Class<?> and Field object with the right caller.
We're exploring John's idea to inject the caller class at link time [1] for better performance, and the VM has the infrastructure to support static and final methods. These methods are non-static and non-final, which will be very difficult to support.
One proposal is to change these 2 methods to perform a stack-walk permission check, possibly against a new target of SerializablePermission or a new runtime permission. The Java policy file will need to be modified, although this incompatibility only has an impact when applications are run with a security manager.
[1] https://bugs.openjdk.java.net/browse/JDK-8020968?focusedCommentId=13611844&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13611844
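The loader-ancestry rule described above, as an added Java sketch (not JDK source and not part of the original issue). The class and method names are hypothetical, and the sketch assumes that a loader counts as its own ancestor and that a null loader denotes the bootstrap loader.

```java
import java.net.URL;
import java.net.URLClassLoader;

// Added illustration; not JDK source. All names here are hypothetical.
public class LoaderAncestryCheck {

    // True if 'ancestor' is 'loader' itself or lies on its parent chain.
    // A null loader stands for the bootstrap loader, the root of every chain.
    static boolean isAncestor(ClassLoader ancestor, ClassLoader loader) {
        if (ancestor == null) return true;
        for (ClassLoader cl = loader; cl != null; cl = cl.getParent()) {
            if (cl == ancestor) return true;
        }
        return false;
    }

    // The package access check is skipped only when the caller's loader is
    // the target's defining loader or one of its ancestors.
    static boolean needsPackageAccessCheck(ClassLoader caller, ClassLoader target) {
        return !isAncestor(caller, target);
    }

    // Caller-sensitive entry point: the answer depends on the immediate caller,
    // which is why the caller's identity has to be determined reliably.
    static boolean wouldCheck(Class<?> target) {
        Class<?> caller = StackWalker
                .getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
                .getCallerClass();
        return needsPackageAccessCheck(caller.getClassLoader(), target.getClassLoader());
    }

    public static void main(String[] args) {
        // Constructed loader hierarchy: parent -> child, parent -> sibling.
        ClassLoader parent = new URLClassLoader(new URL[0], null);
        ClassLoader child = new URLClassLoader(new URL[0], parent);
        ClassLoader sibling = new URLClassLoader(new URL[0], parent);

        System.out.println("parent calls into child:     " + needsPackageAccessCheck(parent, child));
        System.out.println("child calls into parent:     " + needsPackageAccessCheck(child, parent));
        System.out.println("sibling calls into child:    " + needsPackageAccessCheck(sibling, child));
        System.out.println("bootstrap calls into child:  " + needsPackageAccessCheck(null, child));
        System.out.println("child calls into bootstrap:  " + needsPackageAccessCheck(child, null));
        System.out.println("this class asks for String:  " + wouldCheck(String.class));
        System.out.println("this class asks for itself:  " + wouldCheck(LoaderAncestryCheck.class));
    }
}
```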
- relates to
  - JDK-8283715 Update ObjectStreamClass to be final (Resolved)