Request for review: regression in jar url evaluation between JDK6 and OpenJDK7

Sean Mullan sean.mullan at oracle.com
Thu May 12 18:21:57 PDT 2011


On 5/12/11 6:36 PM, Brad Wetmore wrote:
>
>
> On 5/12/2011 10:49 AM, Omair Majid wrote:
>> Hi,
>>
>> Deepak Bhole posted this bug on the openjdk bugzilla a little while ago,
>> but it seems to have fallen through the cracks:
>>
>> https://bugs.openjdk.java.net/show_bug.cgi?id=100142
>
> Yes it did. That was about a year ago.
>
> http://mail.openjdk.java.net/pipermail/security-dev/2010-April/001818.html
>
> Sean, this should be assigned to network folks, right? They handle the
> protocol stuff. I've reassigned for now, set the sponsor flag to "?" as
> described in:
>
> http://openjdk.java.net/contribute/
>
> and filed:
>
> 7044443: Permissions resolved incorrectly for jar protocol (Patch from
> bugs.openjdk.java.net)
>
> I'll ask them to assess.

It should be assigned to security - it's an issue in the policy 
processing code.

--Sean




More information about the security-dev mailing list