On 24/03/2020 08:19, Langer, Christoph wrote:
Ah, I see... JDK-8218573 is JDK11u/JDK13u specific. Looks like it was derived
from JDK-8217997 in jdk/jdk but pushed as a different bug. jdk/jdk was the only
place where I was looking for JDK-8218573, so I couldn't find it.
I don't have time to dig into this tangled web but it does appear that a
backport issue was used instead of the main issue in at least one case.
That might be part of the confusion with the JBS issues. It also appears
that JDK-8223326 has been backported to several releases where it is not
applicable.
By spec part you mean the "@throws SecurityException" sections? Do you think
those should not have been part of the 11u/13u change? Should these be even rolled back?
The spec changes to NetPermission and the protected Socket constructor
should not be in the update releases. If a security fix involves a spec
clarification then a good starting assumption is that the scope of the
change for the update releases, if applicable, will be bit different.
-Alan.