RFR: JDK-8291974 PrivateCredentialPermission should not use local variable to enable debugging

Valerie Peng valeriep at openjdk.org
Thu Sep 15 22:33:13 UTC 2022


On Fri, 9 Sep 2022 14:43:50 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> What happens when deserialization encounters a missing field like `testing`? Does it ignore it?

Have we tried this to know for sure that it is ignored? I think you should verify this by serializing w/o this "testing" field and de-serialize it with older releases. 
Never mind the above comment, I just saw your other comment that this has been verified.

-------------

PR: https://git.openjdk.org/jdk/pull/10206



More information about the security-dev mailing list