Hi,

could somebody please explain to me how JDK-8302483 made it into all JDK
versions? This patch breaks hundreds of software systems as it modifies
the behavior of java.util.zip.ZipFile, making it unable to read
perfectly valid ZIP files.
Even more, this behavior cannot be changed at run-time (e.g. from within
a library); this additional check can only be disabled by setting a
property on the command line.

Effectively this means you can no longer use java.util.zip.ZipFile for
reading arbitrary ZIP files and have to switch to alternative
implementations like Apache Commons compress.

Please be aware that a lot of Android APK files trigger the exception
java.util.zip.ZipException: Invalid CEN header
This means all Java-based software processing Android APK files now has
a problem...

And everything just because someone wrote a patch to "Enhance ZIP
performance" (according to the commit message)!?
https://github.com/openjdk/jdk/commit/fff7e1ad00be07810bf948b8a6f94e83c435fa1f

Sorry, but I really don't understand how this patch made its way into
OpenJDK. Also why is JDK-8302483 non-public - is it security related? If
yes what CVE does it fix?

Jan
