RFR: 8370688: java.util.jar.JarEntry.getCodeSigners() and getCertificates() should specify that they return a copy of the arrays
Chen Liang
liach at openjdk.org
Tue Dec 2 23:39:33 UTC 2025
On Tue, 2 Dec 2025 20:28:50 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
> The implementation of JarEntry.getCodeSigners() and getCertificates() both return a copy of the original array. However, the documentation of these 2 methods currently doesn't specify this.
Looks good in principle to indicate non-uniqueness. Please find security area reviewers to double check. You should also create a CSR for this specification change.
-------------
Marked as reviewed by liach (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/28615#pullrequestreview-3532560572
More information about the core-libs-dev
mailing list