RFR: JDK-8291974 PrivateCredentialPermission should not use local variable to enable debugging [v2]
Valerie Peng
valeriep at openjdk.org
Mon Sep 19 18:29:43 UTC 2022
On Mon, 19 Sep 2022 18:10:17 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> I tested old bytes on new release. It passes. I didn't test new bytes on an old release because of Max's "from the future" comment. Honestly, I'm not sure what any of this testing proves. Maybe that the Java Object Serialization Specification isn't broken?
Supposedly if the newer bytes doesn't work with the older releases, it is a compatibility format change and you should change the serialVersionID value to indicate it. In this case, some may wonder if it's worthwhile to remove this field.
-------------
PR: https://git.openjdk.org/jdk/pull/10206
More information about the security-dev
mailing list