[jdk11u] RFR: 8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
Christoph Langer
clanger at openjdk.org
Thu Dec 22 15:13:51 UTC 2022
On Thu, 22 Dec 2022 10:58:34 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
> Please review this almost clean backport (modulo copyright header in `DisabledAlgorithmConstraints`) in the product code. The test needed some changes to make it work (removal of text block syntax, `ClassFileInstaller` import change).
>
> It fixes a regression introduced with [JDK-8269039: Disable SHA-1 Signed JARs](https://bugs.openjdk.org/browse/JDK-8269039) which was included in `11.0.17` (note that `11.0.16` is not affected as JDK-8269039 is not there). This should be low-risk as it mainly removes use of `java.util.Calendar` API usage in `DisabledAlgorithmConstraints` which can cause issues with applications that contain `CalendarDataProvider`s in signed jars. See [JDK-8297684](https://bugs.openjdk.org/browse/JDK-8297684) for details.
>
> Proposing as critical fix so that we don't have another release with that regression.
>
> Regression test fails prior and passes after the product fix.
Looks good. I'll run this PR and the 17u one through our nightlies.
-------------
Marked as reviewed by clanger (Reviewer).
PR: https://git.openjdk.org/jdk11u/pull/65
More information about the jdk-updates-dev
mailing list