On Tue, Jun 11, 2024 at 10:17 AM Alan Bateman <alan.bate...@oracle.com> wrote:
> On 06/06/2024 18:37, David Lloyd wrote: > > Just bumping this one more time. I intend to start by opening a JIRA to > add the two proposed methods to `ReflectionFactory`, and go from there. I > guess that we might need a JEP for the proposed serialization restrictions, > which is going to be considerably more involved, so I'm putting that off as > a second step for now, pending further discussion. > > > I don't think the JDK should be adding another backdoor for serialization > libs to do deep reflection. > > I'm curious, does your serialization library uses the ReflectionFactory to > get method handles to the readObject/writeObject methods (if they are > defined)? > Yes, all of the method-access methods on ReflectionFactory are used, not just for readObject/writeObject but also readObjectNoData, readResolve, and writeReplace, the constructor accessors, and the factory methods for OptionalDataException. We don't use the static initializer one though (maybe the ORB does, I'm not sure). -- - DML • he/him
