Request for review: regression in jar url evaluation between JDK6 and OpenJDK7

Brad Wetmore bradford.wetmore at
Thu May 12 15:36:07 PDT 2011

On 5/12/2011 10:49 AM, Omair Majid wrote:
> Hi,
> Deepak Bhole posted this bug on the openjdk bugzilla a little while ago,
> but it seems to have fallen through the cracks:

Yes it did.  That was about a year ago.

Sean, this should be assigned to network folks, right?  They handle the 
protocol stuff.  I've reassigned for now, set the sponsor flag to "?" as 
described in:

and filed:

7044443: Permissions resolved incorrectly for jar protocol (Patch from

I'll ask them to assess.


More information about the security-dev mailing list