-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P4
-
Affects Version/s: 7u471, 8u461, 11.0.28-oracle, 17.0.16-oracle, 21.0.8-oracle, 24
-
Component/s: security-libs
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8351053 | 21.0.8-oracle | Marc Palmerjohnson | P4 | Resolved | Delivered | |
| JDK-8351054 | 17.0.16-oracle | Marc Palmerjohnson | P4 | Resolved | Delivered | |
| JDK-8351055 | 11.0.28-oracle | Marc Palmerjohnson | P4 | Resolved | Delivered | |
| JDK-8351056 | 8u461 | Marc Palmerjohnson | P4 | Resolved | Delivered |
If an entry is removed from a signed JAR file, there is no mechanism to detect that it has been removed using the `JarFile` API, since the `getJarEntry` method returns `null` as if the entry had never existed. With this change, the `jarsigner -verify` command analyzes the signature files and if some sections do not have matching file entries, it prints out the following warning: "This JAR contains signed entries for files that do not exist". Users can further find out the names of these entries by adding the `-verbose` option to the command.
- backported by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-