On Fri, 20 Sep 2024 20:27:00 GMT, Roger Riggs <rri...@openjdk.org> wrote:

>> David M. Lloyd has updated the pull request incrementally with one 
>> additional commit since the last revision:
>> 
>>   Address review comment
>
> src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java line 
> 470:
> 
>> 468:                 return null;
>> 469:             }
>> 470:             field.setAccessible(true);
> 
> setAccessible() might need a doPriv to be successful in all cases.

Other methods on this class do not use `doPrivileged()` so I thought it would 
be best to copy them; thus, custom serialization libraries are using their own 
`doPrivileged()` blocks for those methods already. This could probably be 
safely changed (since a runtime permission is already required to access the 
user-facing `ReflectionFactory` class anyway), but would it be best to change 
it all at once? Or would it be better to leave it as is?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/19702#discussion_r1769270696