release/icedtea-web-1.2: 89bbadb66b07 NEWS

release/icedtea-web-1.2

view NEWS @ 381:89bbadb66b07

Removed pre from version in configure.ac

author	Jiri Vanek <jvanek@redhat.com>
date	Thu Apr 11 18:08:22 2013 +0200 (2013-04-11)
parents	45a5c6e2e368
children

line source

1 Key:

3 SX - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X

4 PRX - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X

5 RHX - https://bugzilla.redhat.com/show_bug.cgi?id=X

6 DX - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X

7 GX - http://bugs.gentoo.org/show_bug.cgi?id=X

9 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

11 New in release 1.2.3 (2013-04-17):

12 * Security Updates

13 - CVE-2013-1927, RH884705 - fixed gifar vulnerability

14 - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.

15 * Common

16 - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7

17 * Plugin

18 - PR1157: Applets can hang browser after fatal exception

20 New in release 1.2.2 (2012-11-07):

21 * Security Updates

22 - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet

23 * Plugin

24 - PR1106: Buffer overflow in plugin table

26 New in release 1.2.1 (2012-07-31):

27 * Security Updates

28 - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location

29 - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings

30 * NetX

31 - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen")

32 - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly

33 - 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome

34 * Plugin

35 - PR863: Error passing strings to applet methods in Chromium

36 - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass

37 - PR518: NPString.utf8characters not guaranteed to be nul-terminated

38 * Common

39 - RH838417: Disambiguate signed applet security prompt from certificate warning

40 - RH838559: Disambiguate signed applet security prompt from certificate warning

42 New in release 1.2 (2012-03-05):

43 * Security updates:

44 - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications

45 - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation

46 - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass

47 * NetX

48 - PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error

49 - PR765: JNLP file with all resource jars marked as 'lazy' fails to validate signature and stops the launch of application

50 - PR788: Elluminate Live! is not working

51 - PR804: javaws launcher incorrectly handles file names with spaces

52 * Plugin

53 - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow

54 - PR782: Support building against npapi-sdk as well

55 - PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp

56 - PR838: IcedTea plugin crashes with chrome browser when javascript is executed

57 - PR852: Classloader not being flushed after last applet from a site is closed

58 - RH586194: Unable to connect to connect with Juniper VPN client

59 - RH718693: MindTerm SSH Applet doesn't work

60 Common

61 - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up

62 - PR771: IcedTea-Web certificate verification code does not use the right API

63 - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.

64 - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7

65 - PR778: Jar download and server certificate verification deadlock

66 - PR789: typo in jrunscript.sh

67 - PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path element in the manifest

68 - PR808: javaws is unable to start, when missing jars are enumerated before main jar

69 - RH734081: Javaws cannot use proxy settings from Firefox

70 - RH738814: Access denied at ssl handshake

71 - Support for authenticating using client certificates

73 New in release 1.1 (2011-XX-XX):

74 * Security updates

75 - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries

76 - RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation

77 * New Features

78 - IcedTea-Web now installs to a FHS-compliant location

79 - IcedTea-Web can now handle Proxy Auto Config files

80 - Binary launchers replaced with simple shell scripts

81 - Can now use codebase_lookup=false with applets.

82 * Common Fixes and Improvements

83 - PR497: Mercurial revision detection not very reliable

84 - PR638: JNLPClassLoader.loadClass(String name) can return null

85 - RH677772: NoSuchAlgorithmException using SSL/TLS in javaws

86 - PR724: Possible NullPointerException in JNLPClassLoader.getClassPathsFromManifest

87 * NetX

88 - Use Firefox's proxy settings if possible

89 - The user's default browser (determined from xdg-open or $BROWSER) is used

90 - RH669942: javaws fails to download version/packed files (missing support for jnlp.packEnabled and jnlp.versionEnabled)

91 - PR464: plugin can now load parameters from jnlp files.

92 - PR658: now jnlp.packEnabled works with applets.

93 - PR726: closing javaws -about no longer throws exceptions.

94 - PR727: cache now properly removes files.

95 * Plugin

96 - PR475, RH604061: Allow applets from the same page to use the same classloader

97 - PR612: NetDania application ends on java.security.AccessControlException: access denied (java.util.PropertyPermission browser read)

98 - PR664: Sound doesn't play on runescape.com.

99 - PR721: IcedTeaPlugin.so cannot run g_main_context_iteration on a different thread unless a different GMainContext *context is used

100 - PR735: Firefox 4 sometimes freezes if the applet calls showDocument()

101

102 New in release 1.0 (2010-XX-XX):

103

104 * Initial release of IcedTea-Web

105 * Security updates

106 - RH645843, CVE-2010-3860: IcedTea System property information leak via public static

107 - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass

108 * Plugin

109 - PR542: Plugin fails with NPE on http://www.openprocessing.org/visuals/iframe.php?visualID=2615

110 - PR552: Support for FreeBSD's pthread implementation

111 - PR554: System.err writes content two times

112 - PR556: Applet initialization code is prone to race conditions

113 - PR557: Applet opens in a separate window if tab is closed when the applet loads

114 - PR565: UIDefaults.getUI fails with jgoodies:looks 2.3.1

115 - PR593: Increment of invalidated iterator in IcedTeaPluginUtils (patch from barbara.xxx1975@libero.it)

116 - PR597: Entities are parsed incorrectly in PARAM tag in applet plugin

117 - PR619: Improper finalization by the plugin can crash the browser

118 - Applets are now double-buffered to eliminate flicker in ones that do heavy drawing

119 - RH665104: OpenJDK Firefox Java plugin loses a cookie

120 * NetX

121 - Add a new option -Xclearcache

122 - Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available

123 - PR592: NetX can create invalid desktop entry files

124 - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass

125 * Control Panel

126 - Modifications to deployments.properties file can now be done through a GUI