Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
configadmin-1.2.8
-
None
Description
R 4.3 Configuration Admin (v.1.4) spec says that permissions on Configuration.getBundleLocation() must be check as follows:
• ConfigurationPermission[this.location,CONFIGURE] - if this.location is not null
• ConfigurationPermission["*",CONFIGURE] - if this.location is null
Currently the special case check in case of "this.location is null" is not correctly done thus granting permission to generously.