Return-Path: X-Original-To: apmail-commons-dev-archive@www.apache.org Delivered-To: apmail-commons-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B664E18C2C for ; Mon, 20 Jul 2015 12:17:36 +0000 (UTC) Received: (qmail 65933 invoked by uid 500); 20 Jul 2015 12:17:36 -0000 Delivered-To: apmail-commons-dev-archive@commons.apache.org Received: (qmail 65768 invoked by uid 500); 20 Jul 2015 12:17:35 -0000 Mailing-List: contact dev-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Commons Developers List" Delivered-To: mailing list dev@commons.apache.org Received: (qmail 65753 invoked by uid 99); 20 Jul 2015 12:17:35 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Jul 2015 12:17:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 2590DC09A5; Mon, 20 Jul 2015 12:17:35 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.008 X-Spam-Level: X-Spam-Status: No, score=-0.008 tagged_above=-999 required=6.31 tests=[T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id KRfiLPw2zX9O; Mon, 20 Jul 2015 12:17:21 +0000 (UTC) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id C4E2A2C6B7; Mon, 20 Jul 2015 12:17:21 +0000 (UTC) Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id t6KCHK9l016079 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 20 Jul 2015 12:17:20 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id t6KCHKs3009646 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 20 Jul 2015 12:17:20 GMT Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by userv0121.oracle.com (8.13.8/8.13.8) with ESMTP id t6KCHKi0028476; Mon, 20 Jul 2015 12:17:20 GMT Received: from dhcp-ukc1-twvpn-3-vpnpool-10-175-252-138.vpn.oracle.com (/10.175.252.138) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 20 Jul 2015 05:17:19 -0700 Subject: Re: Early Access builds for JDK 8u60 b24 and JDK 9 b72 are available on java.net To: Bernd Eckenfels References: <55A8FD24.9060707@oracle.com> <20150718051934.00005ec9.ecki@zusammenkunft.net> Cc: rory.odonnell@oracle.com, britter@apache.org, Dalibor Topic , Balchandra Vaidya , Vivek Theeyarath , Commons Developers List From: "Rory O'Donnell" Message-ID: <55ACE6CA.9040004@oracle.com> Date: Mon, 20 Jul 2015 13:17:14 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150718051934.00005ec9.ecki@zusammenkunft.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Source-IP: userv0021.oracle.com [156.151.31.71] Hi Bernd, Please see [0] for Oracle's Security Vulnerability Disclosure Policies. Rgds,Rory [0] http://www.oracle.com/us/support/assurance/vulnerability-remediation/disclosure/index.html On 18/07/2015 04:19, Bernd Eckenfels wrote: > Hello Rory and JDK team, > > I know I repeat myself and you might not have influence on the process, > but it is really annoying that not a single of the Bug links I have > tried in the change notes document actually works (i.e. is not public). > > Is it planned to do something about this? > > http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8076328 > http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8071931 > http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8067694 > http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8043201 > etc > > It might be understandable that you need to keep not-yet published > security bugs secret, but since the commits for those are (now) hitting > the EA repository I dont see a point in that anymore. (besides some of > the bugs are not even security bugs): > > Better MBean connection: > http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8076397 > > Is this still the "contains any internal url we better hide the bug" > problem? > > > Speaking of security bugs, 8u51 includes a modified peer validation in > TLS/SSL which avoids to use reverse resolve the host names > (JDK-8067695). Is that part of 8u60 yet or will it be? > > > Gruss > Bernd > > > Am Fri, 17 Jul 2015 14:03:32 +0100 schrieb "Rory O'Donnell" > : > >> summary of changes are listed here. >> -- Rgds,Rory O'Donnell Quality Engineering Manager Oracle EMEA , Dublin, Ireland --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org For additional commands, e-mail: dev-help@commons.apache.org