view NEWS @ 89:3bd328e4b515

RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
Fixes JAR signature handling so that multiply/partially signed jars are correctly handled.
author Deepak Bhole <dbhole@redhat.com>
date Tue, 01 Feb 2011 10:53:44 -0500
parents a1ed62aa5f98
children ee0be35126c8

Key:

SX  - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X
PRX - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X
RHX - https://bugzilla.redhat.com/show_bug.cgi?id=X
DX  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X
GX  - http://bugs.gentoo.org/show_bug.cgi?id=X

CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release 1.0 (2011-XX-XX):

* Initial release of IcedTea-Web
* Security updates
  - RH645843, CVE-2010-3860: IcedTea System property information leak via public static
  - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
  - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
* New Features
  - IcedTea-Web now uses a deployment.properties file to specify configuration
  - System-level as well as user-level deployment.properties files with locked configuration are supported
  - Preview of a Control Panel that allows configuring IcedTea-Web using a GUI
  - Static proxies are now supported using the deployment.properties file
  - User prompts can now be configured using the deployment.properties file
  - Applications and applets can now have a Look and Feel different from the rest of IcedTea-Web
* Common improvements and fixes
  - Clean up native directories on exit
  - Cached files with special characters in filenames are now handled correctly
  - Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available
* Javaws improvements and fixes
  - PR592: NetX can create invalid desktop entry files
  - Add a new option -Xclearcache
  - Removed option -umask
  - Applications with non-public main classes are now supported.
  - JNLP files containing <component-desc> as well as <application-desc> will now work
  - The javaws.desktop file now points explicitly to NetX's javaws binary
* Plugin improvements and fixes
  - PR542: Plugin fails with NPE on http://www.openprocessing.org/visuals/iframe.php?visualID=2615
  - PR552: Support for FreeBSD's pthread implementation
  - PR554: System.err writes content two times
  - PR556: Applet initialization code is prone to race conditions
  - PR557: Applet opens in a separate window if tab is closed when the applet loads
  - PR565: UIDefaults.getUI fails with jgoodies:looks 2.3.1
  - PR593: Increment of invalidated iterator in IcedTeaPluginUtils (patch from barbara.xxx1975@libero.it)
  - PR597: Entities are parsed incorrectly in PARAM tag in applet plugin
  - PR619: Improper finalization by the plugin can crash the browser
  - RH665104: OpenJDK Firefox Java plugin loses a cookie
  - JNLP files referenced in the applet tag are now parsed to detect applet properties
  - Applets are now double-buffered to eliminate flicker in ones that do heavy drawing