On Tue, 21 Apr 2026 13:10:04 GMT, Yasumasa Suenaga <[email protected]> wrote:
> I understand it is better to control library dependencies, but it could be > "uncontrollable" eventually if the user tried to use FFM. Not sure what you mean here. We control libsyslookup. > Thus I think it make sence to remove libsyslookup to prevent attacks relates > to library like DLL hijack. Sorry, but I'm not convinced by this argument at all. The JVM uses dozens of other native libraries. Heck, even the JVM itself is a library. I see no reason why having another library would be a problem. ------------- PR Comment: https://git.openjdk.org/jdk/pull/30794#issuecomment-4289225945
