IcedTea-Web 1.6.1 and 1.5.3 released

Jiri Vanek jvanek at redhat.com
Fri Sep 11 14:39:17 UTC 2015


Hello, after a pretty rushed two weeks, here is a just half-expected release of icedtea-web.

The release is mainly because of two flaws, specific for itw:
   https://bugzilla.redhat.com/show_bug.cgi?id=1233697
   https://bugzilla.redhat.com/show_bug.cgi?id=1233667

Tarballs are, as usual, on wildebeest at classpath.org

http://icedtea.wildebeest.org/download/source/icedtea-web-1.6.1.tar.gz
http://icedtea.wildebeest.org/download/source/icedtea-web-1.5.3.tar.gz
with sums of:
35d6712a5d9db69e8bd14ab68f94d748  icedtea-web-1.6.1.tar.gz
72d288739968732a4efa0e0664391fde  icedtea-web-1.5.3.tar.gz

***********************************
Part of this security release is a recommendation that you should use jdk8 as the runtime for ITW, because of the slightly more secure HTTPUrlConnection (compared with older JDKs)
***********************************

I know 1.5 was supposed to be unmaintained, but the issue was so shameful that I decided to fully patch it and release.


The docs of 1.6.1 are at http://icedtea.wildebeest.org/download/icedtea-web-docs/1.6.1/html/ (As usual :) , but PL and a big part of the DE translation are still missing.



Special thanks go to
    Andrea Palazzo
    Tomas Hoger

J.


NEWS:


New in release 1.6.1 (2015-09-11):
* Enabled Entry-Point attribute check
* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* comments in deployment.properties now should persist load/save
* fixed bug in caching of files with query
* fixed issues with recreating of existing shortcut
* trustAll/trustNone now processed correctly
* headless no longer shows dialogues
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed
* NetX
   - fixed issues with -html shortcuts
   - fixed issue with -html receiving garbage in width and height
* PolicyEditor
   - file flag made to work when used standalone
   - file flag and main argument cannot be used in combination


New in release 1.5.3 (2015-09-11):
* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed

