RFR: JDK-8291974 PrivateCredentialPermission should not use local variable to enable debugging
Valerie Peng
valeriep at openjdk.org
Thu Sep 15 22:33:13 UTC 2022
On Fri, 9 Sep 2022 14:43:50 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> What happens when deserialization encounters a missing field like `testing`? Does it ignore it?
Have we tried this to know for sure that it is ignored? I think you should verify this by serializing w/o this "testing" field and de-serialize it with older releases.
Never mind the above comment, I just saw your other comment that this has been verified.
-------------
PR: https://git.openjdk.org/jdk/pull/10206
More information about the security-dev
mailing list