felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Pauls (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-4281) Security Warning: Felix with Java Web Start
Date Fri, 06 Jun 2014 21:07:02 GMT

    [ https://issues.apache.org/jira/browse/FELIX-4281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14020373#comment-14020373
] 

Karl Pauls commented on FELIX-4281:
-----------------------------------

@Rob: this is what the javadoc has to say (hence, we don't need to worry): 

"If the underlying method is an instance method, it is invoked using dynamic method lookup
as documented in The Java Language Specification, Second Edition, section 15.12.4.4; in particular,
overriding based on the runtime type of the target object will occur."



> Security Warning: Felix with Java Web Start
> -------------------------------------------
>
>                 Key: FELIX-4281
>                 URL: https://issues.apache.org/jira/browse/FELIX-4281
>             Project: Felix
>          Issue Type: Bug
>         Environment: Windows 7 with Java 7 update 40, 64 bits
>            Reporter: Cesar Souza
>            Assignee: Karl Pauls
>            Priority: Minor
>             Fix For: framework-4.6.0
>
>         Attachments: message.zip, sec_action.patch, viewer.jnlp, webstart.patch
>
>
> Since the release of Java 7 update 40 the following warning occurs when you try to execute
a signed (with valid certificate) Java Web Start application: 
> -----------------------------
> Security Warning
> Do you want to run this application?
> An unsigned application from the location below is requesting permission to run.
> http://......
> Running unsigned applications like this will be blocked in a future
> release because it is potentially unsafe and a security risk
> -----------------------------
> Although the Java recognizes the certificate in the first dialog, it shows the warning
message when the Felix's init method is invoked.
> I have tested a same application over Java 7 update 21 and everything is ok.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message