Hi Helder, thanks for raising awareness for this issue. I'm not sure we need to replicate the security warning issued by Oracle. If it were our own security problem that would of course be something else.
On 14.10.2010 08:02:48 Helder Magalhães wrote: > Hi everyone, > > > Today I stumbled across the (Oracle) SE 1.6 update 22 release notes > [1]. Initially, it made me curious about a couple of imageio-related > issues [2] [3], something which may become useful in the scope of > related Batik issue 46513 [4] (possibly/probably there is also related > interest in the scope of xmlgraphics-commons [5] and/or FOP [7]). > Afterward, I noticed the highly relevant security fixes [7], which may > currently affect most (any?) current Java-based project, with the > specially alarmist nuance of potentially exposing Java applets and Web > start applications (which is pretty serious in my opinion). Note that > the security issue, as far as I could see, affects all known Java > versions (ranging from Java 1.3.x to 6.0, previous versions probably > just unlisted due already been EOL'ed). > > I'm thinking if this may worth a mention in the software download > pages, kind of the Batik 1.5.0 release security warning [8]...? (Yes, > it's not the same as this is due to a VM issue but... How to others > feel about this?) > > Please forward at will, keep software updated and please reply to > general@ only to avoid (more) cross-posting. (Non-Oracle users and > watchers of several of the targeted mailing lists, please excuse the > "spam-effect", if any.) > > > Cheers, > Helder > > > [1] http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html > [2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6547241 > [3] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6557086 > [4] https://issues.apache.org/bugzilla/show_bug.cgi?id=46513 > [5] http://xmlgraphics.apache.org/commons/ > [6] http://xmlgraphics.apache.org/fop/ > [7] > http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html > [8] http://xmlgraphics.apache.org/batik/index.html#download > Jeremias Maerki --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
