Return-Path: 
 <general-return-1418-apmail-xmlgraphics-general-archive=www.apache.org@xmlgraphics.apache.org>
Delivered-To: apmail-xmlgraphics-general-archive@www.apache.org
Received: (qmail 65422 invoked from network); 14 Oct 2010 06:03:42 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 14 Oct 2010 06:03:42 -0000
Received: (qmail 89293 invoked by uid 500); 14 Oct 2010 06:03:40 -0000
Mailing-List: contact general-help@xmlgraphics.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:general-help@xmlgraphics.apache.org>
List-Unsubscribe: <mailto:general-unsubscribe@xmlgraphics.apache.org>
List-Post: <mailto:general@xmlgraphics.apache.org>
List-Id: <general.xmlgraphics.apache.org>
Reply-To: general@xmlgraphics.apache.org
Delivered-To: mailing list general@xmlgraphics.apache.org
Received: (qmail 89271 invoked by uid 99); 14 Oct 2010 06:03:38 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Oct 2010 06:03:38 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of helder.magalhaes@gmail.com
 designates 209.85.214.182 as permitted sender)
Received: from [209.85.214.182] (HELO mail-iw0-f182.google.com)
 (209.85.214.182)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Oct 2010 06:03:34 +0000
Received: by iwn8 with SMTP id 8so12044503iwn.27
        for <multiple recipients>; Wed, 13 Oct 2010 23:03:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:mime-version:received:from:date
         :message-id:subject:to:cc:content-type;
        bh=mjQwFUE7/vxp6K8zy1WY2zAPK7hqJiMuP2q0tg01Fe4=;
        b=ZMcY5kXylaJd3zQY9wgC33FhOqIFtUtD10sbjnqFaBa+A847KayjRdyu6ZpgBIpIzO
         iVbFlclFRuOdH7oa1kJGtFS2Vi9a1zANHWLQkFnads6Uab4hL1lNISQGrrTq0cbnZIdd
         Y4aR6gbvV9Swjq2MPYp1ZaPfgrMsHl1h5D3og=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:from:date:message-id:subject:to:cc:content-type;
        b=Q1bq4S+ZuDRcN61FH+JotEUpH8lYz1C0/X+1lOiumF3OYhmnqUFx/Z6jxK2r93uSVy
         6mkjr1mXXxD/+PHfGh5utX0WCpuDGm6SaxZh26faEN5G8Jnjl56PAdn1ZZI0YzMrSLdW
         oFFFpvXuehQEJR/oiVQ37OhDi1m6AlxuNCmYo=
Received: by 10.42.148.9 with SMTP id p9mr1698777icv.440.1287036188146; Wed,
 13 Oct 2010 23:03:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.33.195 with HTTP; Wed, 13 Oct 2010 23:02:48 -0700 (PDT)
From: =?ISO-8859-1?Q?Helder_Magalh=E3es?= <helder.magalhaes@gmail.com>
Date: Thu, 14 Oct 2010 07:02:48 +0100
Message-ID: <AANLkTi=gYYQouWvRCkoeq0-kXUpzwKKkKrdTdksFjyv3@mail.gmail.com>
Subject: Oracle (previously Sun) JDK/JRE: couple of imageio fixes + critical
 security update
To: general@xmlgraphics.apache.org
Cc: batik-users@xmlgraphics.apache.org, batik-dev@xmlgraphics.apache.org
Content-Type: text/plain; charset=ISO-8859-1

Hi everyone,


Today I stumbled across the (Oracle) SE 1.6 update 22 release notes
[1]. Initially, it made me curious about a couple of imageio-related
issues [2] [3], something which may become useful in the scope of
related Batik issue 46513 [4] (possibly/probably there is also related
interest in the scope of xmlgraphics-commons [5] and/or FOP [7]).
Afterward, I noticed the highly relevant security fixes [7], which may
currently affect most (any?) current Java-based project, with the
specially alarmist nuance of potentially exposing Java applets and Web
start applications (which is pretty serious in my opinion). Note that
the security issue, as far as I could see, affects all known Java
versions (ranging from Java 1.3.x to 6.0, previous versions probably
just unlisted due already been EOL'ed).

I'm thinking if this may worth a mention in the software download
pages, kind of the Batik 1.5.0 release security warning [8]...? (Yes,
it's not the same as this is due to a VM issue but... How to others
feel about this?)

Please forward at will, keep software updated and please reply to
general@ only to avoid (more) cross-posting. (Non-Oracle users and
watchers of several of the targeted mailing lists, please excuse the
"spam-effect", if any.)


Cheers,
 Helder


[1] http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
[2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6547241
[3] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6557086
[4] https://issues.apache.org/bugzilla/show_bug.cgi?id=46513
[5] http://xmlgraphics.apache.org/commons/
[6] http://xmlgraphics.apache.org/fop/
[7] http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
[8] http://xmlgraphics.apache.org/batik/index.html#download

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: general-help@xmlgraphics.apache.org