Freenet 0.7 build 1228 is now available. Apologies for not posting a changelog 
for 1227, I will now. Please upgrade ASAP as 1228 is mandatory on Friday and 
warns the user about a critical security problem in Sun JVMs.
- Warn user about, and refuse to load plugins handling XML, a severe 
vulnerability in Java.
- Some robustness code in the client layer (half-deleted stuff left over by 
bugs causing problems).
- Avoid node-to-node text messages leaking memory when peers are removed.
- If we have peers, set the completed-the-first-time-wizard flag to true. This 
affects encryption of the client layer database, and also whether we show the 
wizard on later startups before managing to connect.
- Fix a thread leak in FCP, usually triggered by FMS.
- Remove TargetNodeName in FCP message ReceivedN2NFeedMessage.
- Minor improvement to javadocs generation, and indenting.


- Fix failure to start when trying to defrag a big node.db4o.
- Some robustness code in the client layer (half-deleted stuff left over by 
bugs causing problems).
- Fix ?forcedownload headers. On some systems, forcedownload was not working.
- New FCP messages for plugin management: LoadPlugin, RemovePlugin, 
ReloadPlugin, response message PluginRemoved.
- Some refactoring, logging and minor internal changes.
- Fix a wierd NPE breaking site inserts when heavy logging is enabled.


With regards to the JVM thing, Windows users will generally have auto-update 
for their JVM; Linux and Mac users are more problematic, initially the 
vulnerability was much less serious so may not be deployed quickly, also it 
might be possible to fix it without increasing the JVM version in which case we 
would not be able to detect the fix...

Attachment: signature.asc
Description: This is a digitally signed message part.

Support mailing list
Unsubscribe at

Reply via email to