[ https://jira.jboss.org/jira/browse/RF-8610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12528547#action_12528547 ]
henk de boer commented on RF-8610:
----------------------------------
Nick, is moving this to Future really a good move? It's only a matter of time
before the 'bad guys' discover this vulnerability and start crashing public
sites.
Or do you just assume (maybe backed by statistics) that no, or very few,
*public* sites use RichFaces? I.e. that RichFaces is mainly used for intranet
apps, and thus not as vulnerable? Remember that *one* single request may crash
a VM and that a few concurrent requests always kill EVERY SUN VM. As we all
know, the majority of people use the Sun VM, so there is NO escape for this
high vulnerability.
Apple or Microsoft would be crucified if it reaches the public that there's a
high-risk vulnerability they have been warned of, but you just move it to
"Future" without comment... I'm not sure if that's the best thing to do
really...
> ColorConvertOp used in some dynamic resources can cause JVM crash
> -----------------------------------------------------------------
>
> Key: RF-8610
> URL: https://jira.jboss.org/jira/browse/RF-8610
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component
> Affects Versions: 3.3.3.Final
> Reporter: Nick Belaevski
> Assignee: Nick Belaevski
> Priority: Critical
> Fix For: Future
>
>
> See related forum thread
_______________________________________________
richfaces-issues mailing list
https://lists.jboss.org/mailman/listinfo/richfaces-issues