Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
7.2.0
-
Minor
Description
JAR files embedded in manifests could represent a security risk, and should therefore have an option to disallow them or only allow them when signed.
Probably we will want to check the signature on the manifest, and require that the manifest specify a CRC for the files it links to.