I can understand the change in Permissions, but is there any difference in PermissionsHash?
--Max > On Apr 2, 2019, at 1:10 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > It is currently possible to change the mappings in a serialized > java.security.Permissions object such that they no longer map correctly, and > Permissions.readObject won't detect this. > > This change makes sure that for a deserialized Permissions object, the > permissions are mapped correctly to the class that they belong to. It does > this by calling add() again for each permission in the deserialized > Permissions object. The same technique was applied to a serialized > PermissionsHash object which is used to store Permissions that don't > implement their own PermissionCollection. > > bug: https://bugs.openjdk.java.net/browse/JDK-8020637 > webrev: http://cr.openjdk.java.net/~mullan/webrevs/8020637/webrev.00/ > > Thanks, > Sean >
