Rather than restricting just the most recent JDK signatures, we can use ForbiddenAPIs to enforce compatibility with all signatures of all JDKs we plan to support.