-
Bug
-
Resolution: Fixed
-
P4
-
None
-
None
-
b08
Some call sites of SignatureFileVerifier.isBlockOrSF fail to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
Note that the Jar File Specification does explicitly say:
"Note that if such files are located in META-INF subdirectories, they are not considered signature-related"
Note that the Jar File Specification does explicitly say:
"Note that if such files are located in META-INF subdirectories, they are not considered signature-related"
