You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Ignacio Vera (Jira)" <ji...@apache.org> on 2020/09/09 10:08:00 UTC
[jira] [Updated] (LUCENE-9517) BugfixDeflater_JDK8252739 causes
Java security issues in JDk11
[ https://issues.apache.org/jira/browse/LUCENE-9517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ignacio Vera updated LUCENE-9517:
---------------------------------
Description:
We are running into issues when running Elasticsearch CI with java security turned on and using JDK11 (only for the ones that contains the jdk bug ). The errors look like:
{code:java}
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") {code}
The issue seems to be here:
[http://hg.openjdk.java.net/jdk/jdk11/file/1ddf9a99e4ad/src/java.base/share/classes/java/util/zip/Deflater.java#l989]
As we now have a subclass that wants to run this code. Note that this code has been removed in JDK12 and above.
We might need to wrap the creation of this object in a doPriviledged Block or find a different solution that does not need to subclass the Deflater class.
cc: [~uschindler]
was:
We are running into issues when running Elasticsearch CI with java security turned on and using JDK11 (only for the ones that contains the jdk bug ). The errors look like:
{{}}
{{}}
{code:java}
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") {code}
{{}}
The issue seems to be here:
[http://hg.openjdk.java.net/jdk/jdk11/file/1ddf9a99e4ad/src/java.base/share/classes/java/util/zip/Deflater.java#l989]
As we now have a subclass that wants to run this code. Note that this code has been removed in JDK12 and above.
We might need to wrap the creation of this object in a doPriviledged Block or find a different solution that does not need to subclass the Deflater class.
cc: [~uschindler]
> BugfixDeflater_JDK8252739 causes Java security issues in JDk11
> --------------------------------------------------------------
>
> Key: LUCENE-9517
> URL: https://issues.apache.org/jira/browse/LUCENE-9517
> Project: Lucene - Core
> Issue Type: Bug
> Reporter: Ignacio Vera
> Priority: Major
>
> We are running into issues when running Elasticsearch CI with java security turned on and using JDK11 (only for the ones that contains the jdk bug ). The errors look like:
>
>
> {code:java}
> java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") {code}
>
> The issue seems to be here:
> [http://hg.openjdk.java.net/jdk/jdk11/file/1ddf9a99e4ad/src/java.base/share/classes/java/util/zip/Deflater.java#l989]
> As we now have a subclass that wants to run this code. Note that this code has been removed in JDK12 and above.
> We might need to wrap the creation of this object in a doPriviledged Block or find a different solution that does not need to subclass the Deflater class.
>
> cc: [~uschindler]
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org