getCodeBase broken locally in 7 update 25
Sandeep Konchady
sandeep.konchady at oracle.com
Wed Jun 19 23:39:40 UTC 2013
Hi Mickey,
The issue you are seeing is intended behavior. This was caused because of a vulnerability that was fixed in 7u25 in which which a getCodeBase call against all local applet/jnlp apps will return null.
Thanks,
Sandeep
On Jun 19, 2013, at 3:18 PM, "Mickey Segal" <java3 at segal.org> wrote:
> The local getCodeBase problem is not present in Java 8 build 94, the most recent version.
>
> From: Mickey Segal [mailto:java3 at segal.org]
> Sent: Wednesday, June 19, 2013 3:56 PM
> To: Java Security (security-dev at openjdk.java.net)
> Subject: RE: getCodeBase broken locally in 7 update 25
>
> The same getCodeBase problem seems to be occurring on the MacOS version too.
>
> From: Mickey Segal [mailto:java3 at segal.org]
>
> I upgraded a Windows 7 computer to Java version 1.7.0_25 from 1.7.0_21. A getCodeBase call in a signed applet now returns null. In previous versions of Java, getCodeBase returned a URL that referred to the current directory (tested from Java 1.1 to 1.7.0_21 over the years).
>
> Was this done purposely for security reasons, or is it just a bug?
>
> I will also test on Macintosh and report back on macosx-port-dev if it is a problem there too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20130619/54163fab/attachment.htm>
More information about the security-dev
mailing list