JDK-8131486 : SecureClassLoader key for ProtectionDomain cache also needs to take into account certificates
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 9
- Priority: P3
- Status: Closed
- Resolution: Fixed
- Submitted: 2015-07-15
- Updated: 2016-08-24
- Resolved: 2015-07-20
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 9 |
|---|
9 b75Fixed  |
Related Reports
|
Relates :
|
Description
In the fix for JDK-6826789, the ProtectionDomain cache key was changed from CodeSource to a String to avoid expensive DNS lookups when computing hashcodes for CodeSource URLs. However, the key also needs to take into account the certificates of a CodeSource, otherwise a CodeSource URL with different certificates will resolve to the same ProtectionDomain, which is not correct.