-
Bug
-
Resolution: Fixed
-
P2
-
11
-
b26
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8209311 | 12 | Sean Mullan | P2 | Resolved | Fixed | b07 |
| JDK-8209217 | 11.0.2 | Sean Mullan | P2 | Resolved | Fixed | b01 |
| JDK-8209292 | 11.0.1 | Sean Mullan | P2 | Resolved | Fixed | b05 |
After further review, an additional test and wording improvement should be made to tighten up the definition of the new jdk.includeInExceptions security property:
1. Add a test to check that the jdk.includeInExceptions security property is set to null or the empty String by default. This is mainly to protect against accidental pushes where the property is set to something.
2. Add a stronger warning to the java.security file about the potential security risks of setting this property; for example:
"NOTE: Use extra caution before setting this property. Setting this property exposes sensitive information in Exceptions, which could, for example, propagate to untrusted code or be emitted in stack traces that are inadvertently disclosed and made accessible over a public network."
1. Add a test to check that the jdk.includeInExceptions security property is set to null or the empty String by default. This is mainly to protect against accidental pushes where the property is set to something.
2. Add a stronger warning to the java.security file about the potential security risks of setting this property; for example:
"NOTE: Use extra caution before setting this property. Setting this property exposes sensitive information in Exceptions, which could, for example, propagate to untrusted code or be emitted in stack traces that are inadvertently disclosed and made accessible over a public network."
- backported by
-
JDK-8209217 Tighten up jdk.includeInExceptions security property
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Closed
-