Cross-posting to security-dev since this fix is security related and should also be reviewed there.
--Sean
On 8/7/18 11:00 AM, Baesken, Matthias wrote:
Ping ... 😊, any reviews / comments?
Thanks, Matthias
-----Original Message-----
From: Baesken, Matthias
Sent: Tuesday, 31 July 2018 12:28
To: 'Chris Hegarty' <chris.hegarty@oracle.com>; Alan Bateman <Alan.Bateman@oracle.com>
Cc: core-libs-dev@openjdk.java.net; Lindenmaier, Goetz <goetz.lindenmaier@sap.com>; Langer, Christoph <christoph.langer@sap.com>
Subject: RE: [RFR] 8205525 : Improve exception messages during manifest parsing of jar archives
Hello, looks like the generalization of the `includeInExceptions` security property is now in jdk/jdk after
"8207846: Generalize the jdk.net.includeInExceptions security property"
was added, great news and thanks to Chris for driving this!
I use this security property now as well, and updated the change:
http://cr.openjdk.java.net/~mbaesken/webrevs/8205525.3/
I updated the CSR as well:
https://bugs.openjdk.java.net/browse/JDK-8207768
Best regards, Matthias
-----Original Message-----
From: Chris Hegarty <chris.hegarty@oracle.com>
Sent: Thursday, 19 July 2018 14:54
To: Alan Bateman <Alan.Bateman@oracle.com>; Baesken, Matthias <matthias.baesken@sap.com>
Cc: core-libs-dev@openjdk.java.net; Lindenmaier, Goetz <goetz.lindenmaier@sap.com>
Subject: Re: [RFR] 8205525 : Improve exception messages during manifest parsing of jar archives
On 19 Jul 2018, at 11:46, Alan Bateman <Alan.Bateman@oracle.com> wrote:
On 19/07/2018 09:07, Baesken, Matthias wrote:
Hello, in the meantime I prepared a CSR:
https://bugs.openjdk.java.net/browse/JDK-8207768
jdk.includeInExceptions expands the scope. That might be okay but we will need to re-visit jdk.net.includeInExceptions and also move the support to somewhere in jdk.internal so that it can be used by other code in java.base.
Is there some support code for "jdk.net.includeInExceptions" or do you just mean the name of the property?
Chris is right that it's a bit premature to submit a CSR while the question on whether to rename the existing security property is on the table. I have no objection to doing that.
I filed the following issue to generalize the `includeInExceptions` security property: https://bugs.openjdk.java.net/browse/JDK-8207846
I would like to resolve 8207846 first, then 8205525 can propose to add the new argument value, `jarPath`.
-Chris.