On Wed, Nov 20, 2019 at 8:59 AM Alan Bateman <alan.bate...@oracle.com> wrote: > > On 20/11/2019 13:50, David Lloyd wrote: > > : > > OK, but this decision violates both the old and updated spec (and > > makes it difficult to write code that works in both cases: in > > situations that reject absolute URLs (javac) and in situations that > > reject drive letters (this code)), so I would request that this be > > revisited. > > > This cannot be rushed as it require detailed security analysis.
Sure, whatever process is necessary should be undertaken. Hopefully there is not a lot to do in terms of security analysis for this particular change though; I imagine it's more of just running through the process. But when the just-rewritten code doesn't meet the just-rewritten spec, I think it's warranted. > Is there > any reason why you need to encode absolute file paths as relative URLs? > I assume the use-case discussed here will work if File::toURI or toURL > is used to create the file URL as it will have the "file:" scheme. I'll see where the usages are. I believe at least one usage is out of our control though, and I'm pretty sure that Maven uses absolute paths for surefire and failsafe (test) launching. -- - DML