IcedTea-Web 1.5 released!

Jiri Vanek jvanek at redhat.com
Mon Apr 7 10:46:17 UTC 2014 

Hi all!

After development until last breath, I'm finally proud to announce release of icedtea-web 1.5

http://icedtea.wildebeest.org/download/source/icedtea-web-1.5.tar.gz
a6199869763291879f3a7382b114974c  icedtea-web-1.5.tar.gz

Please note, 1.5 is *last* release which will be supporting *JDK6*.  JDK8 is released, and  so all 
the JDK6 code, causing warnings in JDK7, diamond operator, generic swings or others.... will be now 
part of Head.

Second note. This tarball is missing PL and DE translation.
DE can be downloaded form here: 
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027035.html (directly 
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140401/cfd6d3f2/DElocalizationforIcedTea-Web1.5-0001.patch). 
It applies cleanly to 1.5 and I advise all packagers to include this patch as package-specific. In 
similar way I believe PL translation will appear soon. Also I hope both will be sooner or later in 
1.5.1. Sorry for inconvenience.

Development plans are available at our wiki:

http://icedtea.classpath.org/wiki/IcedTea-Web#IcedTea-Web_1.5
http://icedtea.classpath.org/wiki/IcedTea-Web#IcedTea-Web_1.6

New in IcedTea-Web 1.5

The killer features are new Development console and Custom Policies + run in sandbox button.

* new Development console
   - can be disabled or configured from itw-settings
   - can be shown from error or at startup time
   - allows filtering, searching and much more in debug logs!
   - also connection to Linux logging is available

* Custom Policies + run in sandbox button are described at our wiki:
  -http://icedtea.classpath.org/wiki/IcedTea-Web#Custom_Policies_and_Run_In_Sandbox
    * http://icedtea.classpath.org/wiki/IcedTea-Web-Custom-Policies
    * http://icedtea.classpath.org/wiki/IcedTea-Web-PolicyEditor
  - In short: they allow you to control signed applications.

There is also enhanced security available through implementation of most D-I-D attributes, however, 
there is still work in progress on this minefield.
  - http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html

Note for packagers:
  - new dependency  - tagsoup is recommended
  - Policy Editor is available as a separate binary"
  - New man pages are available

New in release 1.5 (2014-04-02):
* IcedTea-Web now using tagsoup as default (tagsoup dependence) sanitizer for input
* JDK older then 1.5 no longer supported
* IcedTea-Web is now following XDG .config and .cache specification(RH947647)
* A console for debugging plugin and javaws
* Dialogs center on screen before becoming visible
* Support for u45 and u51 new manifest attributes (Application-Name, Codebase, Permissions, 
Trusted-only)
* Custom applet permission policies panel in itweb-settings control panel
* javaws -version flag
* New PolicyEditor for easily adding/removing permissions to individual applets
* Cache Viewer
   - Can be closed by ESC key
   - Enabling and disabling of operational buttons is handled properly
   - Time consuming operations are indicated by a mouse busy cursor
   - "Size" and "Last Modified" columns display localized data
* NetX
   - PR1465 - java.io.FileNotFoundException while trying to download a JAR file
   - Netx can now parse malformed jnlp files using tagsoup
   - PR1026 - Apps fail to run because of the nanoxml parser's strict XML validation
   - PR1473 - javaws should not depend on name of local file
   - Redesigned About dialogue layout and contents
   - Console made aware of plugin messages
* Plugin
   - PR854: Resizing an applet several times causes 100% CPU load
   - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
   - RH976833: Multiple applets on one page cause deadlock
   - Pipes moved into XDG_RUNTIME_DIR
   - Added debug to file
   - RH1010958: insecure temporary file use flaw in LiveConnect implementation
* Common
   - PR1474: Can't get javaws to use SOCKS proxy
   - Man page for itweb-settings
* Security Updates
   - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet



People who helped with this release:

Adam Domurad  <adomurad at redhat.com>
Alexandr Kolouch  <skolnag at gmail.com>
Andrew Azores  <aazores at redhat.com>
Deepak Bhole <dbhole at redhat.com>
Jacob Wisor  <gitne at excite.co.jp>
Jana Fabrikova  <jfabriko at redhat.com>
Jiri Vanek  <jvanek at redhat.com>
Matthias Klose  <doko at ubuntu.com>
Michal Vyskocil  <mvyskocil at suse.com>
Omair Majid  <oamjid at redhat.com>


With special thanks to:

  * Omair Majid - who was keeping an ever-watchful eye on our hazardous commits
  * To community - namely:
    -  Jacob Wisor and Alexandr Kolouch  - who were able to translate all the swarm of new terrible 
messages
  * Andrew Azores who did really deep testing of pre-release stuff and found some clues which saved 
the day



Best regards
   J.

More information about the distro-pkg-dev mailing list