http://freenetproject.org/index.php?page=download, in explaining which webinstaller the user should download, says "If you already have Java 1.4.1 or later installed (then use) freenet-webinstall.exe". Apart from the applet vulnerability that wasn't fixed till 1.4.2 (javascript classloader bypass iirc), there were recently 3 new applet privellege escalation vulnerabilities publicised affecting everything less than 1.5.0 update 3. Link multilined for stupid gmane filter : http://searchsecurity.techtarget.com/originalContent/ 0,289142,sid14_gci1148505,00.html
I can confirm that the current 0.5 still runs OK on 1.4.1 since I have to use that version of blackdown on Sparc Linux :) but I suggest we should recommend the latest 1.5 / 5.0 to windows users in light of the above. All recent windows JVMs have a systray app which autoupdates aggressively, even to beta versions(!) provided the user OK's it, therefore recommending a recent version should save us from future issues like this. The version currently bundled with the java-webinstaller is 1.5.0_06 and therefore safe by the way. Bob
