Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P2
Fix Version/s: 9
Affects Version/s: 9
Component/s: other-libs
Labels:

Subcomponent:
corba
Resolved In Build:
b142
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8197291	8u192	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8195474	8u172	Roger Riggs	P2	Resolved	Fixed	b03
JDK-8190076	8u162	Roger Riggs	P2	Resolved	Fixed	b04
JDK-8183800	8u161	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8168645	8u152	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8169810	8u151	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8171763	8u141	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8171584	8u131	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8171102	8u121	Roger Riggs	P2	Closed	Fixed	b13
JDK-8192329	emb-8u161	Roger Riggs	P2	Resolved	Fixed	b01
JDK-8184633	emb-8u151	Unassigned	P2	Resolved	Fixed	b01
JDK-8178653	emb-8u141	Unassigned	P2	Resolved	Fixed	b01
JDK-8173547	emb-8u131	Unassigned	P2	Resolved	Fixed	b01
JDK-8171170	emb-8u121	Roger Riggs	P2	Resolved	Fixed	b13
JDK-8175468	openjdk7u	Roger Riggs	P2	Resolved	Fixed	master

As things currently stand, code can use setAccessible(true) to break into non-public types/members in exported packages (but not non-exported packages). The proposal is to change this so that setAccessible(true) cannot be used to break in unless the package is open.

This change will break the IIOP serialization/deserialization code. We thought it was using Unsafe but it is instead using core reflection + setAccessible(true). This will needed to be changed quickly as CORBA/IIOP will otherwise be broken.

In addition, IIOP is using setAccessible(true) to get at non-public readObject/writeObject methods. We may have to add new methods to ReflectionFactory to help this use-case and change the IIOP implementation to use those.

backported by

JDK-8168645 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8169810 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8171170 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8171584 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8171763 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8173547 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8175468 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8178653 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8183800 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8184633 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8190076 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8192329 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8195474 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8197291 ReflectionFactory support for IIOP and custom serialization

Resolved

JDK-8171102 ReflectionFactory support for IIOP and custom serialization

Closed

relates to

JDK-8168980 Reinstate sun.reflect.ReflectionFactory.newConstructorForSerialization(Class,Constructor)

Resolved

JDK-8164909 Eliminate use of JDK internal APIs

Closed

JDK-8168613 CORBA ObjectStreamTest fails with address in use

Resolved

JDK-8335438 Add missing serialization functionality to sun.reflect.ReflectionFactory

Closed

(10 backported by, 4 relates to)

Assignee:: Roger Riggs

Reporter:: Alan Bateman

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2016-08-27 01:53

Updated:: 2024-10-09 11:31

Resolved:: 2016-10-24 11:56

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates