The behavior of `java.net.URLPermission` has changed slightly. It was previously specified to ignore query and fragment components in the supplied URL string. However, this behavior was not implemented and any query or fragment were included in the internal permission URL string. The change here is to implement the behavior as specified. Internal usages of `URLPermission` in the JDK do not include queries or fragments. So, this will not change. In the unlikely event that user code was creating `URLPermission` objects explicitly, then the behavior change may be seen and that permission checks which failed erroneously previously, will now pass as expected.