Request for review: regression in jar url evaluation between JDK6 and OpenJDK7

Brad Wetmore bradford.wetmore at oracle.com
Thu May 12 15:36:07 PDT 2011



On 5/12/2011 10:49 AM, Omair Majid wrote:
> Hi,
>
> Deepak Bhole posted this bug on the openjdk bugzilla a little while ago,
> but it seems to have fallen through the cracks:
>
> https://bugs.openjdk.java.net/show_bug.cgi?id=100142

Yes it did.  That was about a year ago.

http://mail.openjdk.java.net/pipermail/security-dev/2010-April/001818.html

Sean, this should be assigned to network folks, right?  They handle the 
protocol stuff.  I've reassigned for now, set the sponsor flag to "?" as 
described in:

     http://openjdk.java.net/contribute/

and filed:

7044443: Permissions resolved incorrectly for jar protocol (Patch from 
bugs.openjdk.java.net)

I'll ask them to assess.

Brad





More information about the security-dev mailing list