[11u] RFR(S): 8223326: Regression introduced by CPU sync: java.security.AccessControlException: access denied ("java.net.NetPermission" "setSocketImpl")
christoph.langer at sap.com
Tue Mar 24 10:55:02 UTC 2020
> > By spec part you mean the "@throws SecurityException" sections? Do you
> think those should not have been part of the 11u/13u change? Should these
> be even rolled back?
> The spec changes to NetPermission and the protected Socket constructor
> should not be in the update releases. If a security fix involves a spec
> clarification then a good starting assumption is that the scope of the
> change for the update releases, if applicable, will be bit different.
Ok, makes sense. I wasn't involved in the security fix and its backport, though. But I assume should now leave the fix for JDK-8218573: "Better socket support" (http://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/c7602effc480) alone now?
More information about the core-libs-dev