(adding core-libs-dev) Ping?
> I just realized that this has still not been reviewed. Can I do anything > to move forward? > > Thanks, > Roman > >> I added one extra verification to the JAXP based properties parser to >> verify that no extra internal DTD is being supplied. As far as I can >> tell, the other checks that have been added to the ukit parser for this >> bug are already done by the JAXP parser, by validating the XML against >> the built-in DTD. >> >> Webrev: >> http://cr.openjdk.java.net/~rkennke/JDK-8213325/webrev.01/ >> >> This passes all relevant tests, and I also run tier1 w/o regressions. >> >> What do you think? >> >> Roman >> >>> This is a backport of: >>> >>> https://bugs.openjdk.java.net/browse/JDK-8227274 >>> >>> which is a backport of the original: >>> >>> https://bugs.openjdk.java.net/browse/JDK-8213325 >>> >>> It's mostly the original change with a few significant extra modifications: >>> >>> - >>> src/share/classes/sun/util/xml/META-INF/services/sun.util.spi.XmlPropertiesProvider >>> >>> is changed from: >>> sun.util.xml.PlatformXmlPropertiesProvider >>> >>> to: >>> jdk.internal.util.xml.BasicXmlPropertiesProvider >>> >>> The reason is that the fix is for the latter, but 8u uses the former by >>> default. As far as I understand, the latter uses the new slimmer parser, >>> while the former uses the fullblown XML parser, but I am not sure about >>> that. However, we need to consider this, because it might be a very >>> significant change. >>> >>> The alternative would be to port over the fixes to the other XML parser, >>> which I have no desire to do. >>> >>> - The (test) JAR file: >>> test/java/util/spi/ResourceBundleControlProvider/rbcontrolprovider.jar >>> >>> has been regenerated from the modified sources XmlRB.xml and XmlRB_ja.xml. >>> >>> This is not present in jdk11 and later. I think it's generated on the >>> fly and not checked-in. >>> >>> Webrev: >>> http://cr.openjdk.java.net/~rkennke/JDK-8213325/webrev.00/ >>> >>> Testing: New testcases are passing. No regressions in tier1 tests. >>> >>> Opinions? Can I get reviews? >>> >>> Thanks, >>> Roman >>> >> >
