[jdk11u] RFR: 8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
Goetz Lindenmaier
goetz at openjdk.org
Fri Dec 23 10:24:56 UTC 2022
On Thu, 22 Dec 2022 10:58:34 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
> Please review this almost clean backport (modulo copyright header in `DisabledAlgorithmConstraints`) in the product code. The test needed some changes to make it work (removal of text block syntax, `ClassFileInstaller` import change).
>
> It fixes a regression introduced with [JDK-8269039: Disable SHA-1 Signed JARs](https://bugs.openjdk.org/browse/JDK-8269039) which was included in `11.0.17` (note that `11.0.16` is not affected as JDK-8269039 is not there). This should be low-risk as it mainly removes use of `java.util.Calendar` API usage in `DisabledAlgorithmConstraints` which can cause issues with applications that contain `CalendarDataProvider`s in signed jars. See [JDK-8297684](https://bugs.openjdk.org/browse/JDK-8297684) for details.
>
> Proposing as critical fix so that we don't have another release with that regression.
>
> Regression test fails prior and passes after the product fix.
The nighties are all green. ok to go. I checked before approving :)
-------------
PR: https://git.openjdk.org/jdk11u/pull/65
More information about the jdk-updates-dev
mailing list