...
A compliant solution must comply with CON32-J. Protect accessible mutable static fields from untrusted code. However, the attacker intentionally violates CON20-J. Do not perform operations that may block while holding a lock in the untrusted code.
...