On Tue, 2 Dec 2025 20:28:50 GMT, Koushik Muthukrishnan Thirupattur <[email protected]> wrote:
> The implementation of JarEntry.getCodeSigners() and getCertificates() both > return a copy of the original array. However, the documentation of these 2 > methods currently doesn't specify this. Looks good in principle to indicate non-uniqueness. Please find security area reviewers to double check. You should also create a CSR for this specification change. ------------- Marked as reviewed by liach (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/28615#pullrequestreview-3532560572
