Hi :)
Really the only way to avoid potential problems with Java is to NOT use it at all. Sadly that means all our Accessibility stuff would be completely wrecked. A few Wizards, Extensions, embedded Base backends would also be affected but almost all of that has work-arounds that improve the quality of the LO experience anyway. The only thing that has no work-around is Accessibility.

Btw anyone enjoying the Paralympics?
Regards from
Tom :)

>________________________________
> From: NoOp <gl...@sbcglobal.net>
>To: users@global.libreoffice.org
>Sent: Friday, 31 August 2012, 20:39
>Subject: [libreoffice-users] [Don't] Re: Java & LibO: use version 6 for now if you must - was: What is the status of Java security?
>
>On 08/31/2012 03:31 AM, Fabian Rodriguez wrote:
>>
>> On 08/30/2012 02:14 PM, Fabian Rodriguez wrote:
>>
>>> Hi all
>>
>>> I saw this a few days ago, I'd like to know what should I make of it?:
>>
>> http://arstechnica.com/security/2012/08/critical-flaw-under-active-attack-prompts-calls-to-disable-java/
>>
>>> I never install Java when I install LibreOffice, but a few people end up
>>> installing it.
>> [..]
>>
>> I asked about this to Canonical support. Here is their reply with
>> regards to Ubuntu:
>> "OpenJDK 7 is affected too. Please note that in Precise and Oneiric,
>> openjdk-7 is in universe, so updating it is not a priority [ for
>> Canonical]. So in the meantime use OpenJDK 6."
>
>So file a security bug as iced-tea has been updated:
><http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html>
><http://blog.fuseyism.com/index.php/2012/08/30/security-icedtea-2-3-1-released/>
><https://bugzilla.redhat.com/show_bug.cgi?id=852051>
><http://gnu.wildebeest.org/blog/mjw/2012/08/30/java-bug-cve-2012-4681/>
>
>>
>> Knowing Oracle's strict updates schedule, version 7 won't have updates
>> before next month, which may then take some time to reach the proper
>> community channels.
>
>From my response in this thread yesterday:
>Update to Java 7u7:
><http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>
><https://www.java.com/en/download/manual.jsp>
>
>>
>> This echoes the recommendations I've seen here to use version 6 as it's
>> more stable with LibO.
>
>And recommending that brings up other well known security issues. You
>are much better off turning off java until you've installed the current
>updates (released yesterday).
>
>Note:
><http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>
><quote>
>Description
>
>This Security Alert addresses security issues CVE-2012-4681 (US-CERT
>Alert TA12-240A and Vulnerability Note VU#636312) and two other
>vulnerabilities affecting Java running in web browsers on desktops.
>These vulnerabilities are not applicable to Java running on servers or
>standalone Java desktop applications. They also do not affect Oracle
>server-based software.
></quote>
>
>>
>> Thanks for all the replies,
>>
>> Fabián Rodríguez
>> http://libreoffice.magicfab.ca
>>
>
>--
>For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
>Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
>Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
>List archive: http://listarchives.libreoffice.org/global/users/
>All messages sent to this list will be publicly archived and cannot be deleted