xmlgraphics-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremias Maerki <...@jeremias-maerki.ch>
Subject Re: Oracle (previously Sun) JDK/JRE: couple of imageio fixes + critical security update
Date Thu, 21 Oct 2010 06:55:05 GMT
Hi Helder,

thanks for raising awareness for this issue. I'm not sure we need to
replicate the security warning issued by Oracle. If it were our own
security problem that would of course be something else.

On 14.10.2010 08:02:48 Helder Magalhães wrote:
> Hi everyone,
> 
> 
> Today I stumbled across the (Oracle) SE 1.6 update 22 release notes
> [1]. Initially, it made me curious about a couple of imageio-related
> issues [2] [3], something which may become useful in the scope of
> related Batik issue 46513 [4] (possibly/probably there is also related
> interest in the scope of xmlgraphics-commons [5] and/or FOP [7]).
> Afterward, I noticed the highly relevant security fixes [7], which may
> currently affect most (any?) current Java-based project, with the
> specially alarmist nuance of potentially exposing Java applets and Web
> start applications (which is pretty serious in my opinion). Note that
> the security issue, as far as I could see, affects all known Java
> versions (ranging from Java 1.3.x to 6.0, previous versions probably
> just unlisted due already been EOL'ed).
> 
> I'm thinking if this may worth a mention in the software download
> pages, kind of the Batik 1.5.0 release security warning [8]...? (Yes,
> it's not the same as this is due to a VM issue but... How to others
> feel about this?)
> 
> Please forward at will, keep software updated and please reply to
> general@ only to avoid (more) cross-posting. (Non-Oracle users and
> watchers of several of the targeted mailing lists, please excuse the
> "spam-effect", if any.)
> 
> 
> Cheers,
>  Helder
> 
> 
> [1] http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
> [2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6547241
> [3] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6557086
> [4] https://issues.apache.org/bugzilla/show_bug.cgi?id=46513
> [5] http://xmlgraphics.apache.org/commons/
> [6] http://xmlgraphics.apache.org/fop/
> [7] http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
> [8] http://xmlgraphics.apache.org/batik/index.html#download
> 


Jeremias Maerki


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: general-help@xmlgraphics.apache.org


Mime
View raw message