[11u] RFR(S): 8223326: Regression introduced by CPU sync: java.security.AccessControlException: access denied ("java.net.NetPermission" "setSocketImpl")

Alan Bateman Alan.Bateman at oracle.com
Tue Mar 24 09:53:06 UTC 2020

On 24/03/2020 08:19, Langer, Christoph wrote:
> Ah, I see... JDK-8218573 is JDK11u/JDK13u specific. Looks like it was derived from JDK-8217997 in jdk/jdk but pushed as a different bug. jdk/jdk was the only place where I was looking for JDK-8218573, so I couldn't find it.
I don't have time to dig into this tangled web but it does appear that a 
backport issue was used instead of the main issue in at least one case. 
That might be part of the confusion with the JBS issues. It also appears 
that JDK-8223326 has been backported to several releases where it is not 

> By spec part you mean the "@throws SecurityException" sections? Do you think those should not have been part of the 11u/13u change? Should these be even rolled back?
The spec changes to NetPermission and the protected Socket constructor 
should not be in the update releases. If a security fix involves a spec 
clarification then a good starting assumption is that the scope of the 
change for the update releases, if applicable, will be bit different.


More information about the core-libs-dev mailing list