http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

LieGrue,
strub

--- On Thu, 2/10/11, Matthias Wessendorf <mat...@apache.org> wrote:

> From: Matthias Wessendorf <mat...@apache.org>
> Subject: Re: About the JVM bug with 2.2250738585072012e-00308
> To: "MyFaces Development" <dev@myfaces.apache.org>
> Date: Thursday, February 10, 2011, 12:16 PM
> Udo,
>
> is there a link to their bug?
>
> pretty interesting that they now fix it for almost everything :)
>
> On Thu, Feb 10, 2011 at 1:14 PM, Udo Schnurpfeil <u...@schnurpfeil.de> wrote:
> > BTW: The hotfix from Oracle is for 1.4, 5.0 and 6.0.
> >
> > Regards
> >
> > Udo
> >
> > On 10.02.11 12:06, Mark Struberg wrote:
> >>
> >> txs 4 the review!
> >>
> >>> But the hotfix also rejects numbers like
> >>> 2.22507385850720120e-10 which is not so abnormal.
> >>
> >> not abnormal but still moderately unlikely.
> >>
> >> I agree for a long term scenario.
> >>
> >> Basically the default should be to disable this workaround and to make it
> >> available via configuration. Btw, it seems that Oracle finally reacted and
> >> will hopefully ship a fixed JVM 1.6 soon (no help for Java5 users of
> >> course).
> >>
> >>> The fix should also be done for 1.2, because many
> >>> productive systems are using it.
> >>
> >> +1
> >>
> >> LieGrue,
> >> strub
> >>
> >> --- On Thu, 2/10/11, Udo Schnurpfeil <u...@schnurpfeil.de> wrote:
> >>
> >>> From: Udo Schnurpfeil <u...@schnurpfeil.de>
> >>> Subject: About the JVM bug with 2.2250738585072012e-00308
> >>> To: "MyFaces Development" <dev@myfaces.apache.org>
> >>> Date: Thursday, February 10, 2011, 10:59 AM
> >>> Hi,
> >>>
> >>> I've some comments to the JVM bug for the bad number
> >>> 2.2250738585072012e-00308
> >>> (https://issues.apache.org/jira/browse/MYFACES-3024)
> >>>
> >>> The problem occurs for values which are "very very low".
> >>> But the hotfix also rejects numbers like
> >>> 2.22507385850720120e-10 which is not so abnormal.
> >>>
> >>> Would it not be better, when the hotfix is configurable (by
> >>> default turned on), so that the admin can switch it off,
> >>> when the JVM bugfix is applied?
> >>>
> >>> The fix should also be done for 1.2, because many
> >>> productive systems are using it.
> >>>
> >>> What do you think?
> >>>
> >>> Regards
> >>>
> >>> Udo
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
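
The two points raised in the thread (the workaround also rejecting 2.22507385850720120e-10, and making it switchable once the JVM is patched) can be sketched as a guard that compares the decimal value instead of the digit pattern. This is an added example, not MyFaces code or Oracle's fix; the class name, the system property, the window bounds and the length limit are all assumptions.

```java
import java.math.BigDecimal;

public final class DoubleParseGuard {
    // Hypothetical switch name (assumption, not a MyFaces or JVM setting).
    static final String SWITCH = "example.doubleParseGuard.enabled";
    // Assumed conservative window: brackets the gap between the largest
    // subnormal double and Double.MIN_NORMAL, where the thread's value lies.
    static final BigDecimal LOW = new BigDecimal("2.2250738585072008e-308");
    static final BigDecimal HIGH = new BigDecimal("2.2250738585072015e-308");
    static final int MAX_LEN = 512; // assumed cap, bounds BigDecimal parsing cost

    /** True when the input must not be handed to Double.parseDouble. */
    static boolean mustReject(String text) {
        String s = text.trim(); // parseDouble trims whitespace too
        if (s.length() > MAX_LEN) {
            return true;
        }
        if (!s.isEmpty() && "dDfF".indexOf(s.charAt(s.length() - 1)) >= 0) {
            s = s.substring(0, s.length() - 1); // parseDouble accepts a type suffix
        }
        try {
            // BigDecimal(String) has its own parser; doubleValue() is never
            // called here because older JDKs route it through parseDouble.
            BigDecimal v = new BigDecimal(s).abs();
            return v.compareTo(LOW) >= 0 && v.compareTo(HIGH) <= 0;
        } catch (NumberFormatException e) {
            // Fail closed: NaN, Infinity, hex floats and anything else the two
            // parsers disagree on is rejected rather than passed through.
            return true;
        }
    }

    static double parse(String text) {
        // Default on; an admin sets the property to "false" on a patched JVM.
        boolean enabled = Boolean.parseBoolean(System.getProperty(SWITCH, "true"));
        if (enabled && mustReject(text)) {
            throw new NumberFormatException("rejected by double-parse guard");
        }
        return Double.parseDouble(text);
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "2.2250738585072012e-00308", "0.00022250738585072012e-304",
            "-2.2250738585072012e-308d", "2.22507385850720120e-10", "1.5" };
        for (String s : samples) {
            System.out.println(s + " -> " + (mustReject(s) ? "reject" : "parse"));
        }
    }
}
```

The first three samples are different spellings of the same tiny value and are rejected; 2.22507385850720120e-10 and 1.5 are parsed normally.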