IcedTea-Web 1.6.1 and 1.5.3 released
Jiri Vanek
jvanek at redhat.com
Fri Sep 11 14:39:17 UTC 2015
Hello, after pretty rush two weeks here is just half expected release of icedtea-web
The release is mainly because of two flaws, specific for itw:
https://bugzilla.redhat.com/show_bug.cgi?id=1233697
https://bugzilla.redhat.com/show_bug.cgi?id=1233667
Tarballs are as usually on wildbeast at classpath.org
http://icedtea.wildebeest.org/download/source/icedtea-web-1.6.1.tar.gz
http://icedtea.wildebeest.org/download/source/icedtea-web-1.5.3.tar.gz
of sums of
35d6712a5d9db69e8bd14ab68f94d748 icedtea-web-1.6.1.tar.gz
72d288739968732a4efa0e0664391fde icedtea-web-1.5.3.tar.gz
***********************************
Part of this security security is recommendation, that you should use jdk8 as runtime for ITW, because of slightly more secure HTTPUrlConnection (comapred with older JDKs)
***********************************
I know 1.5 was supposed to be unmaintained, but the issue was so shaming, that I decided to fully patch it and release.
The docs of 1.6.1 are at http://icedtea.wildebeest.org/download/icedtea-web-docs/1.6.1/html/ (As usually :) , but PL and pig part of DE transaltion is still missing.
Special thanks goes to
Andrea Palazzo
Tomas Hoger
J.
NEWS:
New in release 1.6.1 (2015-09-11):
* Enabled Entry-Point attribute check
* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* comments in deployment.properties now should persists load/save
* fixed bug in caching of files with query
* fixed issues with recreating of existing shortcut
* trustAll/trustNone now processed correctly
* headless no longer shows dialogues
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed
* NetX
- fixed issues with -html shortcuts
- fixed issue with -html receiving garbage in width and height
* PolicyEditor
- file flag made to work when used standalone
- file flag and main argument cannot be used in combination
New in release 1.5.3 (2015-09-11):
* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed
More information about the distro-pkg-dev
mailing list