RFR: 8338536: Permanently disable remote code downloading in JNDI [v3]
Daniel Fuchs
dfuchs at openjdk.org
Wed Nov 20 11:41:18 UTC 2024
On Tue, 19 Nov 2024 20:38:02 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
>> Aleksei Efimov has updated the pull request incrementally with one additional commit since the last revision:
>>
>> clarify factory location usages in NamingManager and jdk.naming.rmi module-info
>
> src/java.naming/share/classes/com/sun/naming/internal/VersionHelper.java line 163:
>
>> 161: InputStream getJavaHomeConfStream(String filename) {
>> 162: try {
>> 163: String javahome = System.getProperty("java.home");
>
> StaticProperty.javaHome() is available as a stable value for the property.
Good point too - but that would require an additional qualified export of `jdk.internal.util` from `java.base` to `java.naming`. I'm not sure it's worth it. I mean - keeping qualified exports as few as possible is also a worthy goal.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22154#discussion_r1850162238