United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-7109885 : security baseline for 7u2 or above is not set correctly

Details
Type:
Bug
Submit Date:
2011-11-09
Status:
Closed
Updated Date:
2013-09-12
Project Name:
JDK
Resolved Date:
2012-01-13
Component:
deploy
OS:
windows
Sub-Component:
deployment_toolkit
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:
7u4 (b05)

Related Reports
Backport:
Relates:

Sub Tasks

Description
security baseline for 7u2 or above is not set correctly

currently - the security baseline for 7u2 is set at 7u2.

it should be 7u1 instead.

                                    

Comments
EVALUATION

see MR
                                     
2011-12-20
EVALUATION

problem is specific only to apps requesting JRE 7u1 specifically.  and for machines that has 7u1 + FX 2.0.2, there will not be ssv dialog shown either when running apps.

not a showstopper for jre 7u2.
                                     
2011-11-10
EVALUATION

fix for 7u2
                                     
2011-11-09
EVALUATION

problem is in SecurityBaseline.java

it's missing getBaselineVersion170() now.  (and simply return CURRENT_VERSION - which is the bug)

  private static String getBaselineVersion(String requestedVersion) {
        if (requestedVersion.startsWith("1.3.1")) {
            return getBaselineVersion131();
        } else if (requestedVersion.startsWith("1.4.2")) {
            return getBaselineVersion142();
        } else if (requestedVersion.startsWith("1.5")) {
            return getBaselineVersion150();
        } else if (requestedVersion.startsWith("1.6")) {
            return getBaselineVersion160();
        } else {
            return CURRENT_VERSION;
        }
    }
                                     
2011-11-09



Hardware and Software, Engineered to Work Together