RFR: 8290368: Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation [v5]
Aleksei Efimov
aefimov at openjdk.org
Mon Oct 17 15:45:47 UTC 2022
On Fri, 14 Oct 2022 17:45:50 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
> In the general composition of filters, it is preferable that UNDECIDED is treated as REJECTED.
> That keeps unintentional holes in a filter from being permissive.
That is a good point Roger. The "java.security" file was updated (4449dda) to match the `ObjectFactoriesFilter` implementation, ie the global filter treats UNDECIDED as REJECTED. Also, the CSR has been updated to highlight that.
-------------
PR: https://git.openjdk.org/jdk/pull/10578
More information about the security-dev
mailing list