https://bz.apache.org/ooo/show_bug.cgi?id=127197
Issue ID: 127197
Issue Type: ENHANCEMENT
Summary: Bundling msvcr100.dll is error-prone, insecure and
hard to maintain
Product: General
Version: 4.1.3
Hardware: All
OS: Windows, all
Status: CONFIRMED
Severity: Normal
Priority: P5 (lowest)
Component: code
Assignee: [email protected]
Reporter: [email protected]
Due to Issue 120979 we bundle msvcr100.dll to support Java on Windows.
Although this isn't bad, MS advises to use the Visual C++ Redistributable
Packages or redistributable merge modules:
"It's also possible to directly install redistributable Visual C++ DLLs in the
application local folder, which is the folder that contains your executable
application file. For servicing reasons, we do not recommend that you use this
installation location."
>From https://msdn.microsoft.com/en-us/library/ms235299.aspx
If MS found a vulnerability in msvcr100.dll, we should provide a new release
just to fix it by including the new version of the DLL.
--
You are receiving this mail because:
You are the assignee for the issue.
