On Mon, 7 Apr 2025 06:34:11 GMT, Jaikiran Pai wrote:
> Can I please get a review of this change which proposes to address the
> increase in memory footprint of an application that uses signed JAR files,
> signed with `SHA-384` digest algorithm? This addresses
> https://bugs.openjdk.org/browse/
On Mon, 7 Apr 2025 18:40:35 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.UnresolvedPermission`,
> `javax.net.ssl.SSLPermission`, `javax.security.auth.AuthP
in these classes was reused as the deprecation text.
>
> Release Note: https://bugs.openjdk.org/browse/JDK-8353680
Sean Mullan has updated the pull request incrementally with one additional
commit since the last revision:
Fix build error; add removal annotation.
-
Changes:
On Fri, 4 Apr 2025 19:00:02 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
On Fri, 4 Apr 2025 19:00:02 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
in these classes was reused as the deprecation text.
>
> Release Note: https://bugs.openjdk.org/browse/JDK-8353680
Sean Mullan has updated the pull request incrementally with three additional
commits since the last revision:
- Merge branch 'JDK-8348967' of gh:seanjmullan/jd
On Fri, 4 Apr 2025 14:49:36 GMT, David M. Lloyd wrote:
> `AllPermission` is an integral concept of permission sets, and thus we would
> be obliged to create our own if the JDK one disappeared, causing
> compatibility problems due to the class moving to a new package from the
> point of view of
Please review this change to terminally deprecate the following security
related permission classes: `java.security.AllPermission`,
`java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
`javax.security.auth.AuthPermission`,
`javax.security.auth.PrivateCredentialPermission`,
`jav
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.AllPermission`,
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLP
On Mon, 3 Mar 2025 13:33:05 GMT, Sean Mullan wrote:
> Please review this fix to a test that fails when run with --enable-preview.
> This fix is to add all the necessary utility classes imported by the test to
> the JAR file, and not just the test classes.
This pull request has be
On Mon, 3 Mar 2025 13:33:05 GMT, Sean Mullan wrote:
> Please review this fix to a test that fails when run with --enable-preview.
> This fix is to add all the necessary utility classes imported by the test to
> the JAR file, and not just the test classes.
I am withdrawing this PR fo
On Mon, 3 Mar 2025 13:33:05 GMT, Sean Mullan wrote:
> Please review this fix to a test that fails when run with --enable-preview.
> This fix is to add all the necessary utility classes imported by the test to
> the JAR file, and not just the test classes.
test/jdk/java/la
Please review this fix to a test that fails when run with --enable-preview.
This fix is to add all the necessary utility classes imported by the test to
the JAR file, and not just the test classes.
-
Commit messages:
- Initial fix.
Changes: https://git.openjdk.org/jdk/pull/23864/f
On Thu, 20 Feb 2025 01:12:46 GMT, Jamil Nimeh wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>> works better now with
On Thu, 13 Feb 2025 22:29:46 GMT, Jamil Nimeh wrote:
>> Also, should it be moved to somewhere else like
>> jdk/test/sun/security/provider/certpath?
>
>> Also, should it be moved to somewhere else like
>> jdk/test/sun/security/provider/certpath?
>
> Hmmm...not sure about that, but maybe an exp
On Thu, 13 Feb 2025 16:27:03 GMT, Sean Mullan wrote:
> This change adds an API note to these methods recommending that the caller
> should perform further validation steps on the code signers that signed the
> JAR file, such as validating the code signer's certificate chain, and
On Fri, 14 Feb 2025 13:57:12 GMT, Sean Mullan wrote:
> > Hello Sean, given the assertable change to the API documentation of
> > `java.net.JarURLConnection.getCertificates()`, which now specifies the
> > order of the returned certificates, would this require a CSR?
>
>
On Thu, 13 Feb 2025 22:43:39 GMT, Jamil Nimeh wrote:
>> test/lib/jdk/test/lib/security/CertificateBuilder.java line 462:
>>
>>> 460: throws CertificateException, IOException,
>>> NoSuchAlgorithmException {
>>> 461:
>>> 462: AlgorithmId signAlg;
>>
>> This variable looks li
On Fri, 14 Feb 2025 07:33:58 GMT, Jaikiran Pai wrote:
> Hello Sean, given the assertable change to the API documentation of
> `java.net.JarURLConnection.getCertificates()`, which now specifies the order
> of the returned certificates, would this require a CSR?
Yes, I think we should. I'll do t
On Thu, 13 Feb 2025 19:45:19 GMT, Sean Mullan wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>&g
On Thu, 13 Feb 2025 18:58:00 GMT, Sean Mullan wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>&g
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with thes
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with thes
This change adds an API note to these methods recommending that the caller
should perform further validation steps on the code signers that signed the JAR
file, such as validating the code signer's certificate chain, and determining
if the signer should be trusted. There was already a similar wa
On Thu, 23 Jan 2025 14:49:28 GMT, Aleksey Shipilev wrote:
> I think I need another review for integration?
Alan's review should be sufficient I think. The bug should have a `noreg-self`
label.
-
PR Comment: https://git.openjdk.org/jdk/pull/23239#issuecomment-2610341728
On Tue, 26 Nov 2024 13:04:41 GMT, Eirik Bjørsnøs wrote:
> Please review this PR which adds the `final` modifier to non-subclassable
> classes in `java.base`.
>
> The classes were identified using an automated analysis. See CSR for details.
>
> Besides simply adding the `final` access modifier,
On Fri, 10 Jan 2025 08:22:37 GMT, Chen Liang wrote:
>> Here is a fix for https://bugs.openjdk.org/browse/JDK-8316882.
>>
>> Following discussion in nio-dev a while ago, I have opted to add a new
>> `NOT_INTERRUPTIBLE` open option, superseding
>> `FileChannelImpl#setUninterruptible`.
>
> src/ja
On Thu, 19 Dec 2024 20:48:18 GMT, Martin Balao wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase.
>
> Added a non-goal to the JEP to indicate that secu
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
On Wed, 18 Dec 2024 19:50:26 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
>> line 1092:
>>
>>> 1090: m(CKM_HKDF_DERIVE, CKM_HKDF_DATA));
>>> 1091: d(KDF, "HKDF-SHA512", P11KDF, m(CKM_SHA512_HMAC),
>>> 1092:
On Thu, 12 Dec 2024 04:14:22 GMT, Martin Balao wrote:
>> We would like to propose an implementation of the HKDF algorithms for
>> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
>> Derivation Function API
>> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
On Fri, 13 Dec 2024 16:54:05 GMT, Lance Andersen wrote:
> Please review this trivial PR which removes `(See below)` which was missed
> during the SQLPermission update as part of the updates for [JEP 486:
> Permanently Disable the Security Manager](https://openjdk.org/jeps/486)
>
> I have con
-bcc core-libs-dev as I don't think future discussions of this topic
needs to include that group.
I have been catching up on these discussions now that we have reached
JDK 24 RDP.
Martin,
I would like to see some of this captured in the Alternatives section in
the JEP, particularly Xuelei's
On Mon, 9 Dec 2024 13:02:15 GMT, Magnus Ihse Bursie wrote:
> Some files have been modified in 2024, but the copyright year has not been
> properly updated. This should be fixed.
>
> I have located these modified files using:
>
> git log --since="Jan 1" --name-only --pretty=format: | sort -u >
On Thu, 5 Dec 2024 14:46:14 GMT, Alan Bateman wrote:
>> We hollowed out ReflectUtil as one of the early steps when removing the code
>> for running in the SecurityManager execution mode. Most of the usages have
>> now been removed so the empty (and unused) methods can be removed.
>> FieldUtils
On Thu, 5 Dec 2024 10:20:50 GMT, Alan Bateman wrote:
> We hollowed out ReflectUtil as one of the early steps when removing the code
> for running in the SecurityManager execution mode. Most of the usages have
> now been removed so the empty (and unused) methods can be removed. FieldUtils
> and
On Wed, 4 Dec 2024 15:40:03 GMT, Sean Mullan wrote:
> The internal `ProtectionDomain.doIntersectionPrivilege` methods can be
> removed as all dependencies have been removed in post JEP 486 cleanup issues.
This pull request has now been integrated.
Changeset: de3a218a
Author: Sean
> The internal `ProtectionDomain.doIntersectionPrivilege` methods can be
> removed as all dependencies have been removed in post JEP 486 cleanup issues.
Sean Mullan has updated the pull request incrementally with one additional
commit since the last revision:
Add # to linkplai
On Wed, 4 Dec 2024 15:53:37 GMT, Weijun Wang wrote:
> I see in `SharedSecrets` these 2 imports are useless. Not sure if you want to
> take this chance to remove them as well.
>
> ```
> import java.io.PrintStream;
> import java.io.PrintWriter;
> ```
Sure. Fixed.
-
PR Comment: http
> The internal `ProtectionDomain.doIntersectionPrivilege` methods can be
> removed as all dependencies have been removed in post JEP 486 cleanup issues.
Sean Mullan has updated the pull request incrementally with one additional
commit since the last revision:
Remove unused i
The internal `ProtectionDomain.doIntersectionPrivilege` methods can be removed
as all dependencies have been removed in post JEP 486 cleanup issues.
-
Commit messages:
- Initial cleanup.
Changes: https://git.openjdk.org/jdk/pull/22548/files
Webrev: https://webrevs.openjdk.org/?re
On Mon, 2 Dec 2024 20:47:16 GMT, Roger Riggs wrote:
>> Remove sun/security/action/GetPropertyAction.java and all uses.
>>
>> Dependent on PR#22418
>
> Roger Riggs has updated the pull request incrementally with two additional
> commits since the last revision:
>
> - Remove unused import of Pr
On Mon, 2 Dec 2024 16:11:57 GMT, Jaikiran Pai wrote:
>> Can I please get a review of this change which removes usages of
>> SecurityManager related APIs and some leftover related to SecurityManager
>> changes?
>>
>> This addresses https://bugs.openjdk.org/browse/JDK-8345286. Most of these
>>
On Tue, 26 Nov 2024 22:38:14 GMT, Roger Riggs wrote:
>> The `java.lang.Sytem.security` field no longer exists; remove it from the
>> filterMap.
>
> Roger Riggs has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Update copyright
Marked as rev
On Tue, 26 Nov 2024 20:55:03 GMT, Roger Riggs wrote:
> The `java.lang.Sytem.security` field no longer exists; remove it from the
> filterMap.
Copyright should be updated.
-
PR Review: https://git.openjdk.org/jdk/pull/22400#pullrequestreview-2462675428
On Fri, 22 Nov 2024 23:17:17 GMT, Joe Wang wrote:
> Adjust JAXP Limits. Limits are adjusted as specified in the CSR.
>
> Tests:
> Updated the config test with the new settings.
>
> Removed obsolete tests Bug6309988.java and
> Bug4674384_MAX_OCCURS_Test.java, and files used by these
On Fri, 22 Nov 2024 23:17:17 GMT, Joe Wang wrote:
> Adjust JAXP Limits. Limits are adjusted as specified in the CSR.
>
> Tests:
> Updated the config test with the new settings.
>
> Removed obsolete tests Bug6309988.java and
> Bug4674384_MAX_OCCURS_Test.java, and files used by these
On Mon, 25 Nov 2024 20:55:10 GMT, Brent Christian wrote:
>> src/java.prefs/macosx/classes/java/util/prefs/MacOSXPreferencesFile.java
>> line 87:
>>
>>> 85: @SuppressWarnings("restricted")
>>> 86: private static void loadPrefsLib() {
>>> 87: System.loadLibrary("prefs");
>>
>> Wh
On Thu, 21 Nov 2024 10:24:28 GMT, Daniel Fuchs wrote:
>> This PR remove usage of SecurityManager, doPrivileges, etc... from
>> `java.logging` and `java.base/jdk.internal.logger`
>>
>> Only notable hack - Logger.checkPermission() no longer checks permissions,
>> but has been renamed into `ensur
On Tue, 19 Nov 2024 20:43:25 GMT, Sean Mullan wrote:
> Now that JEP 486 has been integrated, `java.security.jgss` and
> `jdk.security.jgss` module dependencies on `System.getSecurityManager` and
> `AccessController.doPrivileged*` can be removed.
>
> There is an undocumented
On Thu, 21 Nov 2024 06:49:10 GMT, Andrey Turbanov wrote:
>> Sean Mullan has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Fix minor spacing issues.
>
> src/java.security.jgss/share/classes/sun/security/jgss/
uot;
> that can probably be removed as it only affected behavior when an SM was
> enabled; however I have left the code that reads the property as-is (see
> sun/security/krb5/Realm.java) and have opened a separate issue to determine
> if it can be safely removed.
Sean Mullan has u
On Tue, 19 Nov 2024 18:52:59 GMT, Brent Christian wrote:
> Remove usages of SecurityManager, doPrivildged, and AccessController from the
> java.prefs module.
A few classes need updated copyrights.
-
PR Comment: https://git.openjdk.org/jdk/pull/22252#issuecomment-2486583493
On Tue, 19 Nov 2024 20:43:25 GMT, Sean Mullan wrote:
> Now that JEP 486 has been integrated, `java.security.jgss` and
> `jdk.security.jgss` module dependencies on `System.getSecurityManager` and
> `AccessController.doPrivileged*` can be removed.
>
> There is an undocumented
Now that JEP 486 has been integrated, `java.security.jgss` and
`jdk.security.jgss` module dependencies on `System.getSecurityManager` and
`AccessController.doPrivileged*` can be removed.
There is an undocumented property named "sun.security.krb5.autodeducerealm"
that can probably be removed as
On Tue, 19 Nov 2024 18:52:59 GMT, Brent Christian wrote:
> Remove usages of SecurityManager, doPrivildged, and AccessController from the
> java.prefs module.
src/java.prefs/share/classes/java/util/prefs/AbstractPreferences.java line 1059:
> 1057: * preference tree.
> 1058: */
On Fri, 15 Nov 2024 18:32:58 GMT, Roger Riggs wrote:
> This cleanup of the use of SecurityManager is in the jdk.unsupported module.
> Removed the permission check to call getReflectionFactory().
Marked as reviewed by mullan (Reviewer).
Is this worthy of a release note?
-
PR Review
On Fri, 15 Nov 2024 18:32:58 GMT, Roger Riggs wrote:
> This cleanup of the use of SecurityManager is in the jdk.unsupported module.
> Removed the permission check to call getReflectionFactory().
What about `sun.misc.Unsafe`? There are a couple of
`AccessController.doPrivileged` calls.
On Thu, 14 Nov 2024 06:28:25 GMT, Prasadrao Koppula
wrote:
>> src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java line 283:
>>
>>> 281: if (ks != null && SSLLogger.isOn &&
>>> SSLLogger.isOn("trustmanager")) {
>>> 282: String keystorePath = SharedSecrets
>>>
On Fri, 15 Nov 2024 20:34:31 GMT, Eirik Bjørsnøs wrote:
>> Either way is fine. I think we probably need to review the majority of uses
>> of VM.savedPropoerty as they mostly relate to SM boot circularity. So we
>> will change this one either now or later.
>
> I would prefer if we could deal w
On Thu, 14 Nov 2024 20:28:31 GMT, Eirik Bjørsnøs wrote:
>> Please review this PR which cleans up security manager related code in
>> `java.util.zip` and `java.util.jar`:
>>
>> * `JarFile` and `ZipFile` are updated to use `System::getProperty` instead
>> of `GetPropertyAction::privilegedGetProp
On Thu, 14 Nov 2024 19:58:21 GMT, Eirik Bjørsnøs wrote:
>> As long as the line in your ide is around 80 characters or less you are
>> good to go. If it is say 100 bytes so you have to scroll, that is when I
>> would fold the line.
>>
>> I think you are OK here
>
> Yes, they are 96 and 98 cha
On Thu, 14 Nov 2024 13:21:33 GMT, Eirik Bjørsnøs wrote:
>> Please review this PR which cleans up security manager related code in
>> `java.util.zip` and `java.util.jar`:
>>
>> * `JarFile` and `ZipFile` are updated to use `System::getProperty` instead
>> of `GetPropertyAction::privilegedGetProp
On Thu, 14 Nov 2024 16:56:00 GMT, Eirik Bjørsnøs wrote:
>> test/jdk/jdk/nio/zipfs/TestPosix.java line 236:
>>
>>> 234: }
>>> 235: return zfpv.readAttributes().group().getName();
>>> 236: } catch (UnsupportedOperationException | NoSuchFileException
>>> e) {
>>
>>
On Thu, 14 Nov 2024 17:01:48 GMT, Eirik Bjørsnøs wrote:
>> Please review this PR which cleans up SecurityManager-related code following
>> JEP-486 integraion.
>>
>> * `ZipFileSystem` is updated to not perform `AccessController::doPrivileged`
>> * `ZipFileSystemProvider` is updated to not perfor
On Thu, 14 Nov 2024 17:19:02 GMT, Roger Riggs wrote:
>> After [JDK-8338411](https://bugs.openjdk.org/browse/JDK-8338411),
>> Serialization implementation dependencies on SecurityManager, doPrivildged,
>> and AccessController are removed.
>> Some refactoring to cleanup the remaining code is expe
On Thu, 14 Nov 2024 14:43:50 GMT, Eirik Bjørsnøs wrote:
>> Please review this PR which cleans up SecurityManager-related code following
>> JEP-486 integraion.
>>
>> * `ZipFileSystem` is updated to not perform `AccessController::doPrivileged`
>> * `ZipFileSystemProvider` is updated to not perfor
On Wed, 13 Nov 2024 15:35:42 GMT, Roger Riggs wrote:
>> After [JDK-8338411](https://bugs.openjdk.org/browse/JDK-8338411),
>> Serialization implementation dependencies on SecurityManager, doPrivildged,
>> and AccessController are removed.
>> Some refactoring to cleanup the remaining code is expe
On Wed, 13 Nov 2024 15:35:42 GMT, Roger Riggs wrote:
>> After [JDK-8338411](https://bugs.openjdk.org/browse/JDK-8338411),
>> Serialization implementation dependencies on SecurityManager, doPrivildged,
>> and AccessController are removed.
>> Some refactoring to cleanup the remaining code is expe
On Thu, 14 Nov 2024 10:18:18 GMT, Eirik Bjørsnøs wrote:
> Please review this PR which cleans up security manager related code in
> `java.util.zip` and `java.util.jar`:
>
> * `JarFile` and `ZipFile` are updated to use `System::getProperty` instead of
> `GetPropertyAction::privilegedGetProperty`
On Wed, 13 Nov 2024 19:05:21 GMT, Alan Bateman wrote:
>> Remove code required for the now defunct SecurityManager execution mode from
>> java.lang.Class, friends, and reflection APIs. Careful review is required so
>> I've set Reviewer to 2. I've tried to keep the changes as easy to review as
>
On Wed, 13 Nov 2024 15:51:44 GMT, Roger Riggs wrote:
>> Refactor removing the dependencies on SecurityManager, doPrivileged, and
>> AccessController.
>
> Roger Riggs has updated the pull request incrementally with two additional
> commits since the last revision:
>
> - Merge branch '8343958-p
On Wed, 13 Nov 2024 13:48:14 GMT, Per Minborg wrote:
> This PR proposes to remove the security manager dependencies in the FFM
> implementing classes.
I didn't get a chance to review until now, had one small comment.
src/java.base/share/classes/jdk/internal/foreign/abi/fallback/LibFallback.jav
On Wed, 13 Nov 2024 14:12:34 GMT, Roger Riggs wrote:
>> After [JDK-8338411](https://bugs.openjdk.org/browse/JDK-8338411),
>> Serialization implementation dependencies on doPriviledged and
>> AccessController are removed.
>> Some refactoring to cleanup the remaining code is expected.
>
> Roger R
On Wed, 13 Nov 2024 14:12:34 GMT, Roger Riggs wrote:
>> After [JDK-8338411](https://bugs.openjdk.org/browse/JDK-8338411),
>> Serialization implementation dependencies on doPriviledged and
>> AccessController are removed.
>> Some refactoring to cleanup the remaining code is expected.
>
> Roger R
On Wed, 13 Nov 2024 14:12:34 GMT, Roger Riggs wrote:
>> After [JDK-8338411](https://bugs.openjdk.org/browse/JDK-8338411),
>> Serialization implementation dependencies on doPriviledged and
>> AccessController are removed.
>> Some refactoring to cleanup the remaining code is expected.
>
> Roger R
On Tue, 12 Nov 2024 18:05:46 GMT, Roger Riggs wrote:
>> Refactor removing the dependencies on SecurityManager, doPrivileged, and
>> AccessController.
>
> Roger Riggs has updated the pull request with a new target base due to a
> merge or a rebase. The pull request now contains 228 commits:
>
>
On Mon, 14 Oct 2024 13:52:24 GMT, Sean Mullan wrote:
> This is the implementation of JEP 486: Permanently Disable the Security
> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail th
On Thu, 24 Oct 2024 17:03:25 GMT, Alexey Ivanov wrote:
>> Sean Mullan has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 150 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486&
On Fri, 1 Nov 2024 19:40:03 GMT, Alexey Ivanov wrote:
>> Sean Mullan has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 200 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486' into
On Fri, 8 Nov 2024 18:31:13 GMT, Harshitha Onkar wrote:
>> It has a value… when it's mentioned with `@see`, the link is present in the
>> *See Also* section, as you can see in the the specification of
>> [`MouseInfo.getPointerInfo()`](https://docs.oracle.com/en/java/javase/21/docs/api/java.desk
ager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
>
ager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
>
ager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
>
On Thu, 7 Nov 2024 04:44:25 GMT, Prasadrao Koppula wrote:
>> Using SharedSecrets, I attempted to expose FileInputStream::path
>> information. After implementing the fix, I validated the startup performance
>> tests. Observed no consistent pattern of performance drops or gains, can
>> disregard
On Tue, 5 Nov 2024 18:58:22 GMT, Sean Mullan wrote:
>> This is the implementation of JEP 486: Permanently Disable the Security
>> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
>> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in d
On Sun, 3 Nov 2024 12:33:05 GMT, Alan Bateman wrote:
>> Right - this paragraph - lines 1620-1625 (old file) / 1362-1367 (new file)
>> is no longer relevant and should be removed too. Thanks for spotting that.
>
> Removed in jep486 branch in sandbox so will get picked up when PR is
> refreshed.
ager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
>
ager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
>
On Mon, 4 Nov 2024 16:09:33 GMT, Weijun Wang wrote:
> The test was mistakenly put in a package as the library class it's testing.
> This is unnecessary since there is no internal field/method it needs access
> to.
Marked as reviewed by mullan (Reviewer).
-
PR Review: https://git.
On Tue, 29 Oct 2024 14:19:05 GMT, Weijun Wang wrote:
>> test/jdk/javax/xml/crypto/dsig/ErrorHandlerPermissions.java line 1:
>>
>>> 1: /*
>>
>> @wangweij It looks like this test can be deleted as it was specifically
>> trying to check that a `SecurityException` wasn't thrown, or did you think
On Fri, 25 Oct 2024 21:18:41 GMT, Sean Mullan wrote:
> Comments on `java.security` classes.
>
> Also, I'd like to see some clarifications on what "the installed policy" or
> "the current policy" is. The `ProtectionDomain` mentions this when talking
>
On Fri, 25 Oct 2024 20:44:25 GMT, Roger Riggs wrote:
>> Sean Mullan has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 150 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486' into JD
On Tue, 29 Oct 2024 18:35:05 GMT, Brent Christian wrote:
>> Sean Mullan has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 186 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486&#
On Mon, 28 Oct 2024 20:12:27 GMT, Roger Riggs wrote:
> Reviewed all tests under test/jaxp/javax/xml/jaxp. A few imports moved around
> unnecessarily but otherwise looks fine.
JAXP test comments fixed in
https://github.com/openjdk/jdk/pull/21498/commits/5577e4884710eba498ee5f40fa85d47eaa07364d
On Tue, 29 Oct 2024 17:07:56 GMT, Harshitha Onkar wrote:
>> src/java.desktop/share/classes/java/awt/Font.java line 1613:
>>
>>> 1611: * interpreted as a {@code Font} object according to the
>>> 1612: * specification of {@code Font.decode(String)}
>>> 1613: * If the specified prope
On Wed, 30 Oct 2024 19:28:32 GMT, Sean Mullan wrote:
>> This is the implementation of JEP 486: Permanently Disable the Security
>> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
>> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in d
ager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
>
On Mon, 28 Oct 2024 21:02:44 GMT, Sean Mullan wrote:
>> Sean Mullan has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 175 commits:
>>
>> - Merge remote-tracking branch 'jdk-sandbox/jep486' i
1 - 100 of 232 matches
Mail list logo
