RFR: 8338536: Permanently disable remote code downloading in JNDI [v3]
Aleksei Efimov
aefimov at openjdk.org
Wed Nov 20 14:16:31 UTC 2024
On Tue, 19 Nov 2024 20:42:04 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
>> Aleksei Efimov has updated the pull request incrementally with one additional commit since the last revision:
>>
>> clarify factory location usages in NamingManager and jdk.naming.rmi module-info
>
> src/java.naming/share/classes/javax/naming/spi/NamingManager.java line 127:
>
>> 125: * Return {@code refInfo} if the factory cannot be created.
>> 126: * Downloading a factory class from a location specified in the reference
>> 127: * is not supported out of the box.
>
> "out of the box" seems a bit informal for the space.
> Perhaps...
>
> Downloading a factory class from a location specified in the reference can be supported by a custom implementation of {@link ObjectFactoryBuilder}.
>
> etc.
Thank you for the suggestion. Updated all places as suggested in 673bc73b67a1956da7feb7f1d212287a6aa1c701
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22154#discussion_r1850278841
More information about the core-libs-dev
mailing list