java security issue after update from 1.8.0_25 to 1.8.0_31

Question

Running JRE 8 32-bit on Windows Server 2016.

Not having problems running 1.8.0_25.

After updating to 1.8.0_31, one security exception reveals:

java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")

Additional information after -Djava.security.debug=access,failure:

access: domain that failed ProtectionDomain  null
 null
 <no principals>
 java.security.Permissions@107f848 (
)


access: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
java.lang.Exception: Stack trace
    at java.lang.Thread.dumpStack(Thread.java:1329)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:447)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:95)
    at org.apache.commons.lang.builder.HashCodeBuilder.reflectionAppend(HashCodeBuilder.java:165)
    at org.apache.commons.lang.builder.HashCodeBuilder.reflectionHashCode(HashCodeBuilder.java:348)
    at org.apache.commons.lang.builder.HashCodeBuilder.reflectionHashCode(HashCodeBuilder.java:387)
    at 
...
sun.security.ssl.ServerHandshaker.setupPrivateKeyAndChain(ServerHandshaker.java:1403)
    at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1215)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1009)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:731)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:213)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:916)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
    at java.io.DataInputStream.readInt(DataInputStream.java:387)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:722)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$240(TCPTransport.java:683)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$$Lambda$1/26915897.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

Also, from the debug log, one can see multiple

access: access allowed ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")

, before and after the denied occurrence.

Tried 1.8.0_192 without success.

Some help would be appreciated.