Also, a colleague informs me that 17.0.5 (as packaged by Debian) w/o `-Djdk.spnego.cache=false` doesn't exhibit the double-free/use-after-free crashes (as expected), but:
> I do see some "Authentication failure" / and "java.lang.NullPointerException: > Cannot invoke "sun.net.www.protocol.http.Negotiator.nextToken(byte[])" > because "this.negotiator" is null". That seems to support the idea that the `AuthCache` is harmful. Nico --
