-
New Feature
-
Resolution: Fixed
-
P2
-
7u40, 8
-
b02
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8005587 | 8 | Andy Herrick | P2 | Closed | Fixed | b71 |
Currently the JRE supports blacklisting signed Jar files, however the list of disallowed files is
currently delivered with the JRE so adding to the blacklist requires
releasing a new JRE. We will extend the mechanism used to deliver dynamic
updates for security baseline data to also update blacklist data. In the
future when blacklisting is expanded to work with certs and root certs this
same mechanism will support that as well. On Windows 32 with AU enabled it
will download the updated baseline and blacklist data every 7 days. On all
other platforms, whenever an applet of jws app is launched it will check for
updated data if it hasn't been downloaded in the past 7 days.
currently delivered with the JRE so adding to the blacklist requires
releasing a new JRE. We will extend the mechanism used to deliver dynamic
updates for security baseline data to also update blacklist data. In the
future when blacklisting is expanded to work with certs and root certs this
same mechanism will support that as well. On Windows 32 with AU enabled it
will download the updated baseline and blacklist data every 7 days. On all
other platforms, whenever an applet of jws app is launched it will check for
updated data if it hasn't been downloaded in the past 7 days.
- backported by
-
JDK-8005587 Dynamic updates of blacklist data
-
- Closed
-