iverase commented on pull request #1849: URL: https://github.com/apache/lucene-solr/pull/1849#issuecomment-689663895
Thanks Uwe for taking the time reviewing this issue. >I have no idea how the stack trace looks like. And under which circumstances you see this bug. Can you post a link to your CI, to see if it is causeed by the CI infrastrcuture? Does it also break with production ready software? How? Stack-trace looks like: ``` java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") | at __randomizedtesting.SeedInfo.seed([7E21C06936079E14:4A7EB7FED693B2BB]:0) | -- | -- | | at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) | | | at java.security.AccessController.checkPermission(AccessController.java:897) | | | at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) | | | at java.lang.Class.checkMemberAccess(Class.java:2847) | | | at java.lang.Class.getDeclaredMethod(Class.java:2471) | | | at java.util.zip.Deflater$DeflaterZStreamRef.get(Deflater.java:991) | | | at java.util.zip.Deflater.<init>(Deflater.java:207) | | | at org.apache.lucene.codecs.lucene87.BugfixDeflater_JDK8252739.<init>(BugfixDeflater_JDK8252739.java:53) | | | at org.apache.lucene.codecs.lucene87.BugfixDeflater_JDK8252739.createDeflaterInstance(BugfixDeflater_JDK8252739.java:43) | ``` I believe It happens every time the runtime environment is set to JDK11 na dit is a affected by the Deflator bug. Here is a link to one of the logs: https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+7.x+matrix-java-periodic-fips/ES_RUNTIME_JAVA=adoptopenjdk11,nodes=general-purpose/212/consoleFull This is un-released code so it is not production ready. > Have you opened a bug report in JDK 10, 11 (it's caused by this change: https://bugs.openjdk.java.net/browse/JDK-8185582)? Should I do? It would be great if you can report it. > The workaround may only work for Elasticsearch, because lucene-core.jar has the accessDeclaredMembers permission given due to the MMapDirectory hack. This is a good point and I agree this fix only works if you give special permissions to the jar. > Maybe we should do another fix for the original bug: As only setDictionary is affected, my proposal would be to not subclass Deflater at all and instead just return an interface only having the Deflater#setDictionary() method. That is another option I considered and it now makes more sense than this approach. +1 not to subclass Deflater. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org