<Swing Dev> new kind of exception raised since publication of latest Java releases

Holger Brands holger.brands at googlemail.com
Thu Apr 16 07:44:04 UTC 2015


Hello,

sorry if this post is off-topic,
but perhaps you can forward this message to the responsible people at
Oracle.
In any case, desktop applications distributed with Java Webstart seem to be
affected.
Since yesterday we get a lot of the following exceptions:

java.lang.SecurityException: Sicherheitspaket-JAR-Datei kann nicht geprüft
werden
    at com.sun.deploy.util.SecurityBaseline.verifyJar(Unknown Source)
    at com.sun.deploy.util.SecurityBaseline.access$200(Unknown Source)
    at com.sun.deploy.util.SecurityBaseline$1.run(Unknown Source)

engl.: "java.lang.SecurityException: Can not verify security pack jar"

Could it be that there has been deployed a new securitypack.jar
(https://javadl-esd-secure.oracle.com/update/securitypack.jar),
that is (perhaps by mistake?) not signed anymore?
https://bugs.openjdk.java.net/browse/JDK-8077736 seems to indicate an
update to this jar.

For example, we experience this issue on Windows 7 with Java 8u31, when we
start our Webstart application and the modification timestamp of the file
"update.securitypack.timestamp" in the
security subdirectory
(${user.home}\AppData\LocalLow\Sun\Java\Deployment\security) is older than
24 hours.
Others have experienced this problem, too:
http://stackoverflow.com/questions/29637592/unknown-securityexcetion-from-java-webstart-app

It would be great if you could forward this critical problem inside Oracle
corp. to
the responsible staff members asap...

Thanks in advance,
Holger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/swing-dev/attachments/20150416/b8f0ebeb/attachment.html>


More information about the swing-dev mailing list