...
The access modifier of an overriding or hiding method must provide at least as much access as the overridden or hidden method (Java Language Specification, §8.4.8.3, "Requirements in Overriding and Hiding" [JLS 2005]). The following are the allowed accesses:
...
MET04-EX0: For classes that implement the java.lang.Cloneable interface, the accessibility of the Object.clone() method should be increased from protected to public [SCG 2009].
Risk Assessment
Subclassing allows weakening of access restrictions, which can compromise the security of a Java application.
...
CWE-487. Reliance on package-level scope | |
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 1-1. Limit the accessibility of classes, interfaces, methods, and fields |
Bibliography
...