You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Karl Pauls (Jira)" <ji...@apache.org> on 2021/06/10 20:12:00 UTC

[jira] [Updated] (FELIX-6416) FELIX-6326 breaks JDK9+ URLClassLoader by allowing incorrect URL paths

     [ https://issues.apache.org/jira/browse/FELIX-6416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karl Pauls updated FELIX-6416:
------------------------------
    Fix Version/s: framework-6.0.5

> FELIX-6326 breaks JDK9+ URLClassLoader by allowing incorrect URL paths
> ----------------------------------------------------------------------
>
>                 Key: FELIX-6416
>                 URL: https://issues.apache.org/jira/browse/FELIX-6416
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: framework-6.0.4
>         Environment: MacOS
>            Reporter: Piotr Klimczak
>            Assignee: Karl Pauls
>            Priority: Blocker
>             Fix For: framework-7.0.2, framework-6.0.5
>
>
> '#' sign represents URL fragment and is not valid URL path element.
> As per spec it is not allowed for it to be a part of path and instead must be URL encoded.
> So for example for file in location in UNIX systems: "/Users/piotrklimczak/test#", the valid URL encoding to load it in Java is:
> {code:java}
> new File(new URL("file:///Users/piotrklimczak/test%23").toURI()) {code}
> Works.
> While
> {code:java}
> new File(new URL("file:///Users/piotrklimczak/test#").toURI()) {code}
> Returns java.lang.IllegalArgumentException in Java: URI has a fragment component
> FELIX-6326 effectively allows '#' to be accepted as valid URL path element, which in turn breaks JDK9+ URLClassLoader which is using URL fragment (ref) to deal with multi-release jars.
> This then breaks pax-transx-tm-narayana installation in Karaf 4.3.1 (which uses URLClassLoader).
> In my opinion FELIX-6326 should be reverted and users should be encoding special characters correctly in their resource paths as per above example.
> I've taken a risk to mark it as a blocker as effectively it blocks using Narayana TM, rendering Karaf 4.3.1 not usable for us.
> Feel free to downgrade it if my judgement failed here.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)