[11u] RFR(S): 8223326: Regression introduced by CPU sync: java.security.AccessControlException: access denied ("java.net.NetPermission" "setSocketImpl")
Alan.Bateman at oracle.com
Tue Mar 24 09:53:06 UTC 2020
On 24/03/2020 08:19, Langer, Christoph wrote:
> Ah, I see... JDK-8218573 is JDK11u/JDK13u specific. Looks like it was derived from JDK-8217997 in jdk/jdk but pushed as a different bug. jdk/jdk was the only place where I was looking for JDK-8218573, so I couldn't find it.
I don't have time to dig into this tangled web but it does appear that a
backport issue was used instead of the main issue in at least one case.
That might be part of the confusion with the JBS issues. It also appears
that JDK-8223326 has been backported to several releases where it is not
> By spec part you mean the "@throws SecurityException" sections? Do you think those should not have been part of the 11u/13u change? Should these be even rolled back?
The spec changes to NetPermission and the protected Socket constructor
should not be in the update releases. If a security fix involves a spec
clarification then a good starting assumption is that the scope of the
change for the update releases, if applicable, will be bit different.
More information about the core-libs-dev