JDK-6600622 : Bundle security checking disabled
  • Type: Bug
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 6u5
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2007-09-04
  • Updated: 2010-09-08
  • Resolved: 2008-02-12
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
6u10 b04Fixed
A side effect of the merge of the bundle checking code with the new sun.jkernel.Bundle class disabled checking, because the sense of the securityEnabled field initialization is backwards. All of the actual security code in method download(boolean) had been tested before the merge and was cut/pasted into the new Bundle class without modification. However final tests were all run with good bundles and so this error wasn't discovered until investigation of 6595104 started.

EVALUATION Needs fixing!

SUGGESTED FIX In j2se/src/share/classes/sun/jkernel/Bundle.java private static boolean securityEnabled = "false".equals( should be: private static boolean securityEnabled = ! "false".equals(