diff --git a/APIJSONORM/README.md b/APIJSONORM/README.md
index 0cb431e2..745733b4 100644
--- a/APIJSONORM/README.md
+++ b/APIJSONORM/README.md
@@ -21,7 +21,7 @@ Tencent [APIJSON](https://github.com/Tencent/APIJSON) ORM library for remote dep
com.github.Tencent
APIJSON
- LATEST
+ 8.1.8
```
@@ -45,7 +45,7 @@ Tencent [APIJSON](https://github.com/Tencent/APIJSON) ORM library for remote dep
#### 2. Add the APIJSON dependency in one of your modules(such as `app`)
```gradle
dependencies {
- implementation 'com.github.Tencent:APIJSON:latest'
+ implementation 'com.github.Tencent:APIJSON:8.1.8'
}
```
diff --git a/APIJSONORM/src/main/java/apijson/orm/script/JSR223ScriptExecutor.java b/APIJSONORM/src/main/java/apijson/orm/script/JSR223ScriptExecutor.java
index 9c2c9baf..7e08a945 100644
--- a/APIJSONORM/src/main/java/apijson/orm/script/JSR223ScriptExecutor.java
+++ b/APIJSONORM/src/main/java/apijson/orm/script/JSR223ScriptExecutor.java
@@ -27,11 +27,34 @@ public abstract class JSR223ScriptExecutor, L e
@Override
public ScriptExecutor init() {
- ScriptEngineManager scriptEngineManager = new ScriptEngineManager();
- scriptEngine = scriptEngineManager.getEngineByName(scriptEngineName());
+ scriptEngine = createScriptEngine();
return this;
}
+ protected ScriptEngine createScriptEngine() {
+ String name = scriptEngineName();
+ if ("nashorn".equalsIgnoreCase(name) || "javascript".equalsIgnoreCase(name)
+ || "js".equalsIgnoreCase(name) || "ecmascript".equalsIgnoreCase(name)) {
+ try {
+ Class> factoryClass = Class.forName("jdk.nashorn.api.scripting.NashornScriptEngineFactory");
+ Class> filterClass = Class.forName("jdk.nashorn.api.scripting.ClassFilter");
+ Object filter = java.lang.reflect.Proxy.newProxyInstance(
+ filterClass.getClassLoader(),
+ new Class>[]{filterClass},
+ (proxy, method, methodArgs) -> isClassExposureAllowed((String) methodArgs[0]));
+ Object factory = factoryClass.getDeclaredConstructor().newInstance();
+ return (ScriptEngine) factoryClass.getMethod("getScriptEngine", filterClass).invoke(factory, filter);
+ } catch (Throwable e) {
+ Log.e(TAG, "create sandboxed Nashorn engine failed, falling back: " + e);
+ }
+ }
+ return new ScriptEngineManager().getEngineByName(name);
+ }
+
+ protected boolean isClassExposureAllowed(String className) {
+ return false;
+ }
+
protected abstract String scriptEngineName();
protected abstract Object extendParameter(AbstractFunctionParser parser, Map currentObject, String methodName, Object[] args);
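Review bot: The `catch (Throwable e)` in `createScriptEngine` fails open: any failure to build the filtered engine is only logged, and control falls through to `new ScriptEngineManager().getEngineByName(name)`, which returns an engine with no `ClassFilter`. This is more than a rare error path, because `Class.forName("jdk.nashorn.api.scripting.…")` throws on JDK 15+, where bundled Nashorn was removed and the standalone engine lives under `org.openjdk.nashorn.api.scripting`; scripts there would silently run with Java classes exposed. I would fail closed for these engine names by replacing the log line with `throw new IllegalStateException("sandboxed Nashorn engine unavailable", e);`, try the `org.openjdk.nashorn` class names before giving up, and make any unfiltered fallback an explicit opt-in. Separately, the proxy handler reads `methodArgs[0]` for every invoked method, so a call to `toString`/`hashCode` on the filter would hit a null array; guard with `"exposeToScripts".equals(method.getName())` before dereferencing. A short Javadoc on `isClassExposureAllowed` stating that it is deny-by-default and that overriding it widens what scripts can reach would help subclass authors.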