commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rory O'Donnell" <rory.odonn...@oracle.com>
Subject Re: Early Access builds for JDK 8u60 b24 and JDK 9 b72 are available on java.net
Date Mon, 20 Jul 2015 12:17:14 GMT
Hi Bernd,

Please see [0] for Oracle's Security Vulnerability Disclosure Policies.

Rgds,Rory

[0] 
http://www.oracle.com/us/support/assurance/vulnerability-remediation/disclosure/index.html


On 18/07/2015 04:19, Bernd Eckenfels wrote:
> Hello Rory and JDK team,
>
> I know I repeat myself and you might not have influence on the process,
> but it is really annoying that not a single of the Bug links I have
> tried in the change notes document actually works (i.e. is not public).
>
> Is it planned to do something about this?
>
> http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8076328
> http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8071931
> http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8067694
> http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8043201
> etc
>
> It might be understandable that you need to keep not-yet published
> security bugs secret, but since the commits for those are (now) hitting
> the EA repository I dont see a point in that anymore. (besides some of
> the bugs are not even security bugs):
>
> Better MBean connection:
> http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8076397
>
> Is this still the "contains any internal url we better hide the bug"
> problem?
>
>
> Speaking of security bugs, 8u51 includes a modified peer validation in
> TLS/SSL which avoids to use reverse resolve the host names
> (JDK-8067695). Is that part of 8u60 yet or will it be?
>
>
> Gruss
> Bernd
>
>
> Am Fri, 17 Jul 2015 14:03:32 +0100 schrieb "Rory O'Donnell"
> <rory.odonnell@oracle.com>:
>
>> summary of changes are listed here.
>> <http://www.java.net/download/jdk8u60/changes/jdk8u60-b24.html>

-- 
Rgds,Rory O'Donnell
Quality Engineering Manager
Oracle EMEA , Dublin, Ireland


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message