From owner-freebsd-java@FreeBSD.ORG Tue Sep 29 05:27:15 2009 Return-Path: Delivered-To: freebsd-java@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 336E1106566B; Tue, 29 Sep 2009 05:27:15 +0000 (UTC) (envelope-from wcai@xwarelabs.org) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.251]) by mx1.freebsd.org (Postfix) with ESMTP id B8A2C8FC12; Tue, 29 Sep 2009 05:27:14 +0000 (UTC) Received: by an-out-0708.google.com with SMTP id d14so1781505and.13 for ; Mon, 28 Sep 2009 22:27:13 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.80.2 with SMTP id d2mr4036391anb.35.1254200727929; Mon, 28 Sep 2009 22:05:27 -0700 (PDT) X-Originating-IP: [202.8.27.5] In-Reply-To: <19137.36221.789093.590674@jerusalem.litteratus.org> References: <20090928101048.GA1189@phenom.cordula.ws> <20090929034837.GA56588@misty.eyesbeyond.com> <19137.36221.789093.590674@jerusalem.litteratus.org> X-Goomoji-Body: true Date: Tue, 29 Sep 2009 13:05:27 +0800 Message-ID: From: Wenliang Cai To: Robert Huff Content-Type: multipart/related; boundary=0050450176f4dd84020474b05cf4 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Greg Lewis , cpghost , freebsd-questions@freebsd.org, freebsd-java@freebsd.org Subject: Re: java/jdk16 vulnerability? X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2009 05:27:15 -0000 --0050450176f4dd84020474b05cf4 Content-Type: text/plain; charset=UTF-8 Perhaps we can have a specific page to show the recommended JDK version for all people including these who are not in the list... [?] On Tue, Sep 29, 2009 at 12:30 PM, Robert Huff wrote: > > Greg Lewis writes: > > > > Your installed version of Java is vulnerable to a severe remote > > > exploit (remote code execution!). You must upgrade to at least Java > > > 5 update 20 or Java 6 update 15 as soon as possible. Freenet has > > > disabled any plugins handling XML for the time being, but this > > > includes searching and chat so you should upgrade ASAP! > > > > We're almost certainly vulnerable. The jdk16 port is at Update 3. > > > > We need an entry in the VUXML database I guess. > > > > Updating java/jdk16 is going to be a slow process. There are > > lots of changes between Update 3 and Update 15. I've partially > > merged Update 4, but obviously that still leaves many to go... > > As someone with zero knowledge of Java internals: what is the > recommended version at the moment? > > > Robert Huff > > _______________________________________________ > freebsd-java@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-java > To unsubscribe, send any mail to "freebsd-java-unsubscribe@freebsd.org" > --0050450176f4dd84020474b05cf4--