On Wed, 28 May 2025 11:13:12 GMT, Michael McMahon <micha...@openjdk.org> wrote:
>> Hi, >> >> Enhanced exception messages are designed to hide sensitive information such >> as hostnames, IP >> addresses from exception message strings, unless the enhanced mode for the >> specific category >> has been explicitly enabled. Enhanced exceptions were first introduced in >> 8204233 in JDK 11 and >> updated in 8207846. >> >> This PR aims to increase the coverage of enhanced exception messages in the >> networking code. >> A limited number of exceptions are already hidden (restricted) by default. >> The new categories and >> exceptions in this PR will be restricted on an opt-in basis, ie. the default >> mode will be enhanced >> (while preserving the existing behavior). >> >> The mechanism is controlled by the security/system property >> "jdk.includeInExceptions" which takes as value >> a comma separated list of category names, which identify groups of >> exceptions where the exception >> message may be enhanced. Any category not listed is "restricted" which means >> that potentially >> sensitive information (such as hostnames, IP addresses, user identities) are >> excluded from the message text. >> >> The changes to the java.security conf file describe the exact changes in >> terms of the categories now >> supported and any changes in behavior. >> >> Thanks, >> Michael > > Michael McMahon has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 30 commits: > > - Merge branch 'master' into 8348986-exceptions > - Merge branch 'master' into 8348986-exceptions > - Merge branch 'master' into 8348986-exceptions > - update > - reduced number of new categories > - Merge branch 'master' into 8348986-exceptions > - Merge branch 'master' into 8348986-exceptions > - Merge branch 'master' into 8348986-exceptions > - Merge branch 'master' into 8348986-exceptions > - Review update > - ... and 20 more: https://git.openjdk.org/jdk/compare/0671309d...cf179f7d her are few file with IOException, UnknownHostException and MalformedURLException, which are worth reviewing form Exception that may have been missed open/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java Ln 562 open/src/java.base/share/classes/sun/security/x509/IPAddressName.java open/src/java.base/share/classes/sun/security/x509/URIName.java open/src/java.base/share/classes/sun/security/x509/RDN.java open/src/java.base/share/classes/java/util/jar/JarFile.java UnknownHostException open/src/java.base/share/classes/sun/nio/ch/SocketAdaptor.java open/src/java.base/share/classes/sun/nio/ch/NioSocketImpl.java MalformedURLException open/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java open/src/java.base/share/classes/java/net/URL.java — Invalid port open/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java open/src/java.naming/share/classes/com/sun/jndi/toolkit/url/Uri.java open/src/java.rmi/share/classes/java/rmi/Naming.java ------------- PR Comment: https://git.openjdk.org/jdk/pull/23929#issuecomment-2917817454
