Fix Version/s: 3.11.x
CASSANDRA-9402 introduced a sandbox using a thread-pool to enforce security constraints and to detect "amok UDFs" - i.e. UDFs that essentially never return (e.g. while (true).
Currently the safest way to react on such an "amok UDF" is to fail-fast - to stop the C* daemon since stopping a thread (in Java) is just no solution.
CASSANDRA-9890 introduced further protection by inspecting the byte-code. The same mechanism can also be used to manipulate the Java-UDF byte-code.
By manipulating the byte-code I mean to add regular "is-amok-UDF" checks in the compiled code.
EDIT: These "is-amok-UDF" checks would also work for UNFENCED Java-UDFs.