Request for review: regression in jar url evaluation between JDK6 and OpenJDK7
Brad Wetmore
bradford.wetmore at oracle.com
Thu May 12 22:36:07 UTC 2011
On 5/12/2011 10:49 AM, Omair Majid wrote:
> Hi,
>
> Deepak Bhole posted this bug on the openjdk bugzilla a little while ago,
> but it seems to have fallen through the cracks:
>
> https://bugs.openjdk.java.net/show_bug.cgi?id=100142
Yes it did. That was about a year ago.
http://mail.openjdk.java.net/pipermail/security-dev/2010-April/001818.html
Sean, this should be assigned to network folks, right? They handle the
protocol stuff. I've reassigned for now, set the sponsor flag to "?" as
described in:
http://openjdk.java.net/contribute/
and filed:
7044443: Permissions resolved incorrectly for jar protocol (Patch from
bugs.openjdk.java.net)
I'll ask them to assess.
Brad
More information about the security-dev
mailing list