https://bugs.documentfoundation.org/show_bug.cgi?id=134248
Bug ID: 134248
Summary: JURT and JUH JARs contain bad class path declaration
Product: LibreOffice
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: sdk
Assignee: [email protected]
Reporter: [email protected]
This is actually two bugs. The most serious is
1.) The Class-Path declaration in the respective META-INF/MANIFEST.MF files
contains ../ as an entry. This does not make sense and has the potential to
screw up IDEs and runtime deployments by adding completely unrelated parts of
the file system to the class path[1]. It may also qualify as a security issue.
2.) Class-Path also contains entries like "ridl.jar unoloader.jar". This does
not make sense either. These JARs normally do not extist since they are usually
distributed[2] with a version suffix in the file name, e.g. ridl-6.4.3.jar.
The best solution to solve this issue is probably to remove the Class-Path
entry from the MANIFEST.MF files altogether.
[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=563819
[2] https://repo1.maven.org/maven2/org/libreoffice/juh/6.4.3/
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
