getCodeBase broken locally in 7 update 25
Neon
ntn at techma.com
Tue Aug 13 17:38:47 UTC 2013
Sandeep Konchady <sandeep.konchady at ...> writes:
>
> Hi Mickey,
> The issue you are seeing is intended behavior. This was caused because of
a vulnerability that was fixed in 7u25 in which which a getCodeBase call
against all local applet/jnlp apps will return null.
>
>
> Thanks,
> Sandeep
>
>
> On Jun 19, 2013, at 3:18 PM, "Mickey Segal"
<java3 at segal.org> wrote:
>
> The local getCodeBase problem is not present in Java 8 build 94, the most
recent version.
>
>
> From: Mickey Segal [mailto:java3 <at> segal.org] Sent: Wednesday, June 19,
2013 3:56 PMTo: Java Security
(security-dev at openjdk.java.net)Subject: RE:
getCodeBase broken locally in 7 update 25
>
>
> The same getCodeBase problem seems to be occurring on the MacOS version too.
>
> From: Mickey Segal [mailto:java3 at segal.org]
> I upgraded a Windows 7 computer to Java version 1.7.0_25 from 1.7.0_21. A
getCodeBase call in a signed applet now returns null. In previous versions
of Java, getCodeBase returned a URL that referred to the current directory
(tested from Java 1.1 to 1.7.0_21 over the years).
>
> Was this done purposely for security reasons, or is it just a bug?
>
> I will also test on Macintosh and report back on macosx-port-dev if it is
a problem there too.
>
>
We have code that uses relative path from the codebase for Applets when it
is served either from a web server or local file which is now broken from
the local file system.
What is the alternative in 7u25 for Applet.getCodeBase() for Applets running
on a local file?
Regards,
Neon
More information about the security-dev
mailing list