Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8207846

Generalize the jdk.net.includeInExceptions security property

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 11
    • Fix Version/s: 12
    • Component/s: core-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b05
    • Verification:
      Verified

      Backports

        Description

        JDK-8204233 added a new security property, `jdk.net.includeInExceptions`, to include additional, potentially security sensitive, information in exception detail messages in the networking area. The property accepts a comma separated list of values that specifies the particular type of extra detail information to add.

        Since its addition, in JDK 11, further uses have arisen to include additional, potentially security sensitive, information in exception detail messages in other areas, namely the java.util.jar APIs. See JDK-8205525, and http://mail.openjdk.java.net/pipermail/core-libs-dev/2018-July/054284.html

        Given that this mechanism will likely be used more generally across different parts of the platform, it seem prudent to rename the property to be less area-specific, thus allowing for additional argument values to be specified, like for example `jarPath`.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  chegar Chris Hegarty
                  Reporter:
                  chegar Chris Hegarty
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: