Details
-
Bug
-
Resolution: Fixed
-
P4
-
9, 10, 11
-
None
-
b18
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8205230 | 11.0.1 | Xueming Shen | P4 | Resolved | Fixed | b01 |
Description
The JarFile API specification does not explicitly specify how the versioned jar entry is verified when the signed multi-release jar file is processed. The proposed update is to clarify that the versioned jar entry is verified against its own signature with its own signers when associated to a corresponding base entry.
Attachments
Issue Links
- backported by
-
JDK-8205230 API clarification: versioned jar entry verification in multi-release jar file
- Resolved
- csr for
-
JDK-8203840 API clarification: versioned jar entry verification in multi-release jar file
- Closed