JDK-8043406 : Change default policy for JCE providers to run with as few privileges as possible
- Type: Enhancement
- Component: security-libs
- Sub-Component: java.security
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- Submitted: 2014-05-19
- Updated: 2016-04-12
- Resolved: 2014-07-10
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 9 |
|---|
9 b23Fixed  |
Related Reports
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
In JDK-8040059, the default java.policy was changed to grant no permissions to standard extensions by default, and existing jar files in the standard ext directory were individually granted AllPermission initially. This task will reduce the permissions for the JCE providers in the standard extensions directory so that they can better adhere to the principle of least privilege.
Comments
|