On Tue, 24 Oct 2023 15:33:34 GMT, Michael McMahon <[email protected]> wrote:
> Hi, > > This fix resolves a VM crash issue caused by a memory use after free in JGSS > native code. The cause is the `java.net.HttpURLConnection` implementation > which is incorrectly caching GSS context objects which end up being used and > reused by multiple threads in parallel, and in fact should only be used once, > with separate instances for separate requests (requiring authentication). The > fix is very simple and is just that the NegotiateAuthentication class needs > to be marked as non-cacheable. A test is not included here as it requires > testing against real servers that aren't publicly accessible. > > Thanks, > Michael Is this fix expected to be backported to the LTS versions that were affected when https://bugs.openjdk.org/browse/JDK-8303809 was backported? ------------- PR Comment: https://git.openjdk.org/jdk/pull/16347#issuecomment-1902239052
