On Tue, 1 Oct 2024 15:32:27 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
> > I was thinking this needed a CSR and release note anyway. > > true - but the risk of causing regression in existing code might be higher? Maybe, but it seems unlikely that existing code would set an authenticator object and also set an authentication header which ends up not being used. Any code that sets an authentication header is probably using valid credentials I would think. ------------- PR Comment: https://git.openjdk.org/jdk/pull/21249#issuecomment-2388000914
