directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brennan Stehling <offwh...@gmail.com>
Subject Re: Maven/Java 1.4.0 security issues
Date Sun, 06 Feb 2005 18:07:40 GMT
I actually pulled down the latest 1.4.2 and 1.5 installations and
removed every other Java SDK/Runtime excep the 1.3.1 SDK so I can
still build other backwards compatible projects.

So far so good.  

I am also on Windows 2000.  I wonder if the MacOS X Java Runtime is
immune to the problem.

Brennan

On Sun, 06 Feb 2005 12:14:59 -0500, Alex Karasulu <aok123@bellsouth.net> wrote:
> Niclas Hedhman wrote:
> 
> >On Sunday 06 February 2005 19:28, Brennan Stehling wrote:
> >
> >
> >>An interesting problem any Windows might have is the bad JAVA_HOME
> >>settings.  When I started to try Apache DS I suddenly got a ton of
> >>virus problems.  Today I am working on running many Maven compiles and
> >>now that I have Norton AntiVirus installed I am seeing it is blocking
> >>this Trojan virus.
> >>
> >>It seems j2sdk1.4.0_01 has a security bug in it and when I did install
> >>j2sdk1.4.2_04 the new JAVA_HOME and PATH settings were not changed
> >>from the older version.  As I compiled it may have been opening a
> >>security hole and letting stuff in.
> >>
> >>So you may want to check that your environment variables are set
> >>properly and also uninstall Java 1.4.0.
> >>
> >>
> >
> >I don't know if it is related; My rt.jar was modified a few days ago. The
> >MessageFormat class (of all!) had been replaced.
> >
> >
> No way is this on Linux Niclas?
> Alex
> 


-- 
Brennan Stehling
 + http://brennan.offwhite.net/blog/

Mime
View raw message