- Bug
- Resolution: Fixed
- P3
- 24
- b27
- Verified

jdk.internal.loader.URLClassPath.JarLoader has a checkJar method that will perform additional checks if a security manager is present, and unless the system property "-Dsun.misc.URLClassPath.disableJarChecking" is set to true.
The property is only consulted and the additional checks are only done if a security manager is present.
The question is whether we would like to keep the ability to conditionally perform these additional checks after the security manager is gone.
One possibility would be to unconditionally check the value of that property and perform the checks when it is false. The default value for that property could be switched to "true" for compatibility (or we could decide to perform the checks by default, but as I understand that could have some regression risks).

- csr for: JDK-8345394 URLClassLoader may check that a JAR file starts with a local file header (Closed)
- relates to: JDK-8338625 JEP 486: Permanently Disable the Security Manager (Completed)
- links to: Commit(master) openjdk/jdk/01307a7b, Review(master) openjdk/jdk/22545
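
The linked CSR describes the check as testing that a JAR file starts with a local file header. The following is an added example, not the JDK's `checkJar` code: the class `JarHeaderCheck`, its method names and the sample files are hypothetical, and it assumes the proposal above, where the property is read unconditionally and the check runs when it is false.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

public class JarHeaderCheck {
    // ZIP local file header signature "PK\003\004" as stored on disk.
    private static final byte[] LOCSIG = {0x50, 0x4b, 0x03, 0x04};

    // Assumption: the opt-out named in the issue, consulted without a security manager.
    static boolean checkingDisabled() {
        return Boolean.getBoolean("sun.misc.URLClassPath.disableJarChecking");
    }

    // True only when the first four bytes of the file are the local file header signature.
    static boolean startsWithLocalFileHeader(Path jar) throws IOException {
        try (InputStream in = Files.newInputStream(jar)) {
            return Arrays.equals(in.readNBytes(LOCSIG.length), LOCSIG);
        }
    }

    // Constructed sample: a one-entry JAR built in memory.
    static byte[] sampleJar() throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (JarOutputStream out = new JarOutputStream(bytes)) {
            out.putNextEntry(new JarEntry("hello.txt"));
            out.write("hello".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] jar = sampleJar();
        // Constructed sample: the same archive with non-ZIP bytes in front of it.
        ByteArrayOutputStream prefixedBytes = new ByteArrayOutputStream();
        prefixedBytes.write("LEADING-DATA".getBytes(StandardCharsets.US_ASCII));
        prefixedBytes.write(jar);
        Path clean = Files.write(Files.createTempFile("clean", ".jar"), jar);
        Path prefixed = Files.write(Files.createTempFile("prefixed", ".jar"), prefixedBytes.toByteArray());
        for (Path p : new Path[] {clean, prefixed}) {
            boolean accepted = checkingDisabled() || startsWithLocalFileHeader(p);
            System.out.println(p.getFileName() + " accepted=" + accepted);
            Files.delete(p);
        }
    }
}
```

With the property unset, the clean archive is accepted and the prefixed one is rejected; running with `-Dsun.misc.URLClassPath.disableJarChecking=true` accepts both, which is the compatibility behaviour the description weighs against checking by default.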