Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use more limiting default visibility settings for JDK types (java.*, javax.*) #3117

Closed
cowtowncoder opened this issue Apr 15, 2021 · 0 comments
Closed

Use more limiting default visibility settings for JDK types (java.*, javax.*) #3117

cowtowncoder opened this issue Apr 15, 2021 · 0 comments
Milestone
2.13.0

Comments

@cowtowncoder
Copy link
Member

With JDK 16 there will be stricter limits on what may be accessed via Reflection: many checks that formerly resulted in a warning will start failing. While this does not cause many breakages so far (based on unit tests), it does seem like there are cases where unnecessary access attempts are made on some JDK types.

One way to reduce these cases would to make default visibility (see @JsonAutoDetect) settings bit stricter for JDK types (as defined by class being under "java." or "javax." packages): specifically, to require "public" visibility for accessors including setters.
This should help reduce access attempts that are not really needed but that may lead to failures.

Beyond this it will probably make sense to also prevent calls to "setAccessible()" for members of same types, but first things first.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.13.0
Development

No branches or pull requests
1 participant
@cowtowncoder