Todd Lipcon wrote:
I was seeing errors in 18 without escape analysis explicitly enabled. So
unless it became enabled by default in 18, I don't think that was the issue.
That's not good. The security fixes in this JVM do hint it's something
to deploy sooner rather than later.
http://isc.sans.org/diary.html?storyid=8572
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
"Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible. This
Critical Patch Update contains 27 new security fixes across all products."
There's something involving imageIO, which may imply JPEG or other image
processing as a vulnerability; the other details are too vague to be
sure what the implications are.
