Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8269039

Disable SHA-1 Signed JARs

    XMLWordPrintable

    Details

      Backports

        Description

        Disable JARs signed with algorithms using SHA-1 by default, and treat them as unsigned. See the CSR for more details.

        The original enhancement (JDK-8196415) was backed out due to performance regressions, which should be addressed in this new fix.

          Attachments

            Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8282338 Disable SHA-1 Signed JARs

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8288965 Disable SHA-1 Signed JARs

            • P3 - Major loss of function.
            • New
            csr for

            CSR - null JDK-8272155 Disable SHA-1 Signed JARs

            • P3 - Major loss of function.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-8265086 jarsigner tool should display descriptive message when multiple constraints are specified

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8166764 jarsigner should detect JARs that are signed after the SHA-1 cutoff date and warn about it

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8275887 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8274536 sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java fails due to recursive initialisation

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8266971 JDK-8196415 cause significant startup regressions on apps that include any SHA-1 signed JAR

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8280890 Cannot use '-Djava.system.class.loader' with class loader in signed JAR

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8262762 Deadlock in java.util.jar.JarFile

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8196415 Disable SHA-1 Signed JARs

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved
            links to

            Commit Commit openjdk/jdk/6d91a3eb

            Review Review openjdk/jdk17u-dev/510

            Review Review openjdk/jdk/5320

              Activity

                People

                Assignee:
                mullan Sean Mullan
                Reporter:
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: