The fix to JDK-8078534 in CodeRef.getChecksum() wiped out the fix for this (JDK-8076220) by changing:
if ((checksum == null || checksumAlg == null ||
!checksumAlg.equals(algorithm)) && (!isCodebase)) {
to:
if (checksum == null) {
// only valid algorithm is now SHA-256
if (algorithm != null && !algorithm.equalsIgnoreCase("SHA-256")) {
throw new IOException("Invalid checksum algorithm: " +
algorithm);
}
instead it should have changed it to:
if (checksum == null && !isCodebase) {
...
The check for !isCodebase was inadvertently removed as part of JDK-8078534
As a result - having a checksum base DRS rule installed will again cause the "directory" to be downloaded when running an html applet using loose classes from the codebase