ksrini [Mon, 22 Jun 2009 07:23:20 -0700] rev 3463
6830335: Java JAR Pack200 Decompression Integer Overflow Vulnerability
Summary: Fixes a potential vulnerability in the unpack200 logic, by adding extra checks, a back-port.
Reviewed-by: asaha
mullan [Tue, 23 Jun 2009 13:54:36 -0400] rev 3462
6824440: XML Signature HMAC issue
Reviewed-by: asaha
asaha [Mon, 22 Jun 2009 13:36:37 -0700] rev 3461
6656610: AccessibleResourceBundle.getContents exposes mutable static (findbugs)
Reviewed-by: hawtin
asaha [Thu, 18 Jun 2009 22:53:54 -0700] rev 3460
Merge
asaha [Thu, 18 Jun 2009 22:45:16 -0700] rev 3459
Merge
asaha [Wed, 17 Jun 2009 13:12:42 -0700] rev 3458
Merge
malenkov [Thu, 18 Jun 2009 14:08:07 +0400] rev 3457
6660049: Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics
Reviewed-by: hawtin
asaha [Fri, 12 Jun 2009 12:26:20 -0700] rev 3456
Merge
asaha [Fri, 12 Jun 2009 10:54:48 -0700] rev 3455
Merge
asaha [Thu, 07 May 2009 13:18:12 -0700] rev 3454
Merge
amenkov [Wed, 13 May 2009 14:32:33 +0400] rev 3453
6777448: JDK13Services.getProviders creates instances with full privileges [hawtin, alexp]
Reviewed-by: hawtin, alexp
amenkov [Wed, 13 May 2009 14:32:14 +0400] rev 3452
6738524: JDK13Services allows read access to system properties from untrusted code
Reviewed-by: hawtin
amenkov [Wed, 13 May 2009 13:52:52 +0400] rev 3451
6657625: RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
Reviewed-by: hawtin
chegar [Tue, 12 May 2009 16:32:34 +0100] rev 3450
6801071: Remote sites can compromise user privacy and possibly hijack web sessions
Reviewed-by: jccollet, hawtin
bae [Fri, 08 May 2009 16:15:15 +0400] rev 3449
6823373: [ZDI-CAN-460] Java Web Start JPEG header parsing needs more scruity
Reviewed-by: igor
bae [Fri, 08 May 2009 15:57:33 +0400] rev 3448
6657133: Mutable statics in imageio plugins (findbugs)
Reviewed-by: prr
bae [Fri, 08 May 2009 15:38:21 +0400] rev 3447
6656625: ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs)
Reviewed-by: prr
emcmanus [Thu, 07 May 2009 10:44:45 +0200] rev 3446
6736293: OpenType checks can be bypassed through finalizer resurrection
Reviewed-by: hawtin
art [Wed, 06 May 2009 15:17:22 +0400] rev 3445
6656586: Cursor.predefined is protected static mutable (findbugs)
Reviewed-by: hawtin, igor
anthony [Tue, 05 May 2009 17:56:31 +0400] rev 3444
6818787: It is possible to reposition the security icon too far from the border of the window on X11
Summary: The constraints for the position of the icon are moved to the shared code
Reviewed-by: art, dcherepanov
anthony [Tue, 05 May 2009 17:47:04 +0400] rev 3443
6805231: Security Warning Icon is missing in Windows 2000 Prof from Jdk build 6u12
Summary: The icon becomes layered only when the fading-out effect is being performed.
Reviewed-by: art, dcherepanov
jccollet [Tue, 05 May 2009 11:02:51 +0200] rev 3442
6801497: Proxy is assumed to be immutable but is non-final
Summary: Cloned the proxy instance when necessary
Reviewed-by: chegar
peterz [Tue, 05 May 2009 12:07:37 +0400] rev 3441
6837293: Reapply fix for 6588003 to JDK7
Reviewed-by: alexp
asaha [Wed, 29 Apr 2009 11:43:19 -0700] rev 3440
Merge
malenkov [Wed, 29 Apr 2009 20:55:13 +0400] rev 3439
6777487: Encoder allows reading private variables with certain names
Reviewed-by: peterz
malenkov [Wed, 29 Apr 2009 20:03:09 +0400] rev 3438
6660539: Introspector shares cache of mutable BeanInfo between AppContexts.
Reviewed-by: peterz
chegar [Fri, 07 Aug 2009 10:51:25 +0100] rev 3437
6826801: JarFileFactory should not use HashMap<URL>
Summary: Replace URL with a String representation.
Reviewed-by: michaelm, jccollet
chegar [Fri, 07 Aug 2009 10:50:26 +0100] rev 3436
6826780: URLClassPath should use HashMap<String, XXX> instead of HashMap<URL, XXX>
Summary: Replace URL with a String representation.
Reviewed-by: michaelm, jccollet
tbell [Thu, 06 Aug 2009 19:01:59 -0700] rev 3435
Merge
jrose [Thu, 06 Aug 2009 18:30:33 -0700] rev 3434
6838598: Legal notice repair: jdk/src/share/classes/sun/dyn/FilterGeneric.java
Reviewed-by: xdono
wetmore [Thu, 06 Aug 2009 17:56:59 -0700] rev 3433
6867657: Many JSN tests do not run under cygwin
Reviewed-by: ohair
dcubed [Wed, 05 Aug 2009 13:17:30 -0600] rev 3432
6868533: 3/4 JDI: remove '-source 1.5' and '-target 1.5' options from com.sun.jdi tests
Summary: We are long past needing to make sure these tests can build on Tiger/JDK1.5.0.
Reviewed-by: tbell