Sandeep Konchady <sandeep.konchady@...> writes:
> > Hi Mickey, > The issue you are seeing is intended behavior. This was caused because of a vulnerability that was fixed in 7u25 in which which a getCodeBase call against all local applet/jnlp apps will return null. > > > Thanks, > Sandeep > > > On Jun 19, 2013, at 3:18 PM, "Mickey Segal" <ja...@segal.org> wrote: > > The local getCodeBase problem is not present in Java 8 build 94, the most recent version. > > > From: Mickey Segal [mailto:java3 <at> segal.org] Sent: Wednesday, June 19, 2013 3:56 PMTo: Java Security (security-dev@openjdk.java.net)Subject: RE: getCodeBase broken locally in 7 update 25 > > > The same getCodeBase problem seems to be occurring on the MacOS version too. > > From: Mickey Segal [mailto:ja...@segal.org] > I upgraded a Windows 7 computer to Java version 1.7.0_25 from 1.7.0_21. A getCodeBase call in a signed applet now returns null. In previous versions of Java, getCodeBase returned a URL that referred to the current directory (tested from Java 1.1 to 1.7.0_21 over the years). > > Was this done purposely for security reasons, or is it just a bug? > > I will also test on Macintosh and report back on macosx-port-dev if it is a problem there too. > > > > > Howdy, Is there any more information on this change, such as what security this actually provides? Thanks In Advance, Phillip Thomas