[LUCENE-9517] BugfixDeflater_JDK8252739 causes Java security issues in JDK 11 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 8.x, 9.0
Fix Version/s: 8.x, 9.0
Component/s: core/index
Labels:
- Java10
- Java11

Lucene Fields:

New

Description

We are running into issues when running Elasticsearch CI with java security turned on and using JDK11 (only for the ones that contains the jdk bug ). The errors look like:

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")

The issue seems to be here:

http://hg.openjdk.java.net/jdk/jdk11/file/1ddf9a99e4ad/src/java.base/share/classes/java/util/zip/Deflater.java#l989

As we now have a subclass that wants to run this code. Note that this code has been removed in JDK12 and above.

We might need to wrap the creation of this object in a doPriviledged Block or find a different solution that does not need to subclass the Deflater class.

cc: uschindler

Attachments

Issue Links

is broken by

LUCENE-9500 Did we hit a DEFLATE bug?

Closed

links to

GitHub Pull Request #1849

GitHub Pull Request #1850

JDK-8252976

Activity

People

Assignee:: Uwe Schindler

Reporter:: Ignacio Vera

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Sep/20 10:06

Updated:: 28/Aug/22 16:07

Resolved:: 10/Sep/20 10:02

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: