source: trunk/icedtea-web/NEWS@ 433

Last change on this file since 433 was 429, checked in by dmik, 11 years ago

icedtea-web: Merge version 1.5.1 from vendor to trunk.
File size: 11.2 KB
RevLine 
[348]1Key:
2
3SX - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X
4PRX - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X
5RHX - https://bugzilla.redhat.com/show_bug.cgi?id=X
6DX - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X
7GX - http://bugs.gentoo.org/show_bug.cgi?id=X
8
9CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
10
[429]11New in release 1.5.1 (2014-08-13):
12* Massively improved offline abilities.
13* Improved to be able to run with any JDK
14* JDK 8 support added (URLPermission granted if applicable)
15* Added DE and PL localizations
16* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to control scan of Manifest file
17* Control Panel
18 - PR1856: ControlPanel UI improvement for lower resolutions (800*600)
19* NetX
20 - PR1858: Java Console accepts multi-byte encodings
21 - PR1859: Java Console UI improvement for lower resolutions (800*600)
22 - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception java.lang.ClassCastException in method sun.applet.PluginAppletViewer$8.run()
23* Plugin
24 - PR1743 - Intermittant deadlock in PluginRequestProcessor
25 - RH1121549: coverity defects
26* PolicyEditor
27 - codebases without permissions assigned save to file anyway (and re-appear on next open)
28 - PR1776: NullPointer on save-and-exit
29 - Custom permissions are properly formatted
30
31New in release 1.5 (2014-04-02):
32* IcedTea-Web now using tagsoup as default (tagsoup dependence) sanitizer for input
33* JDK older then 1.5 no longer supported
34* IcedTea-Web is now following XDG .config and .cache specification(RH947647)
35* A console for debugging plugin and javaws
36* Dialogs center on screen before becoming visible
37* Support for u45 and u51 new manifest attributes (Application-Name, Codebase, Permissions, Trusted-only)
38* Custom applet permission policies panel in itweb-settings control panel
39* javaws -version flag
40* New PolicyEditor for easily adding/removing permissions to individual applets
41* Cache Viewer
42 - Can be closed by ESC key
43 - Enabling and disabling of operational buttons is handled properly
44 - Time consuming operations are indicated by a mouse busy cursor
45 - "Size" and "Last Modified" columns display localized data
46* NetX
47 - PR1465 - java.io.FileNotFoundException while trying to download a JAR file
48 - Netx can now parse malformed jnlp files using tagsoup
49 - PR1026 - Apps fail to run because of the nanoxml parser's strict XML validation
50 - PR1473 - javaws should not depend on name of local file
51 - Redesigned About dialogue layout and contents
52 - Console made aware of plugin messages
53* Plugin
54 - PR854: Resizing an applet several times causes 100% CPU load
55 - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
56 - RH976833: Multiple applets on one page cause deadlock
57 - Pipes moved into XDG_RUNTIME_DIR
58 - Added debug to file
59 - RH1010958: insecure temporary file use flaw in LiveConnect implementation
60* Common
61 - PR1474: Can't get javaws to use SOCKS proxy
62 - Man page for itweb-settings
63* Security Updates
64 - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
65
66New in release 1.4 (2013-XX-XX):
67* Added cs localization
68* Added de localization
69* Added pl localization
70* Splash screen for javaws and plugin
71* Better error reporting for plugin via Error-splash-screen
72* All IcedTea-Web dialogues are centered to middle of active screen
73* Download indicator made compact for more then one jar
74* User can select its own JVM via itw-settings and deploy.properties.
75* Added extended applets security settings and dialogue
[418]76* Security updates
[429]77 - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
78 - CVE-2013-1927, RH884705: fixed gifar vulnerabilit
[418]79 - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
80 - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
81* NetX
[429]82 - PR1027: DownloadService is not supported by IcedTea-Web
83 - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
84 - PR1292: Javaws does not resolve versioned jar names with periods correctly
85* Plugin
86 - PR1106: Buffer overflow in plugin table-
87 - PR1166: Embedded JNLP File is not supported in applet tag
88 - PR1217: Add command line arguments for plugins
89 - PR1189: Icedtea-plugin requires code attribute when using jnlp_href
90 - PR1198: JSObject is not passed to javascript correctly
91 - PR1260: IcedTea-Web should not rely on GTK
92 - PR1157: Applets can hang browser after fatal exception
93 - PR580: http://www.horaoficial.cl/ loads improperly
94* Common
95 - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
96 - PR955: regression: SweetHome3D fails to run
97 - PR1145: IcedTea-Web can cause ClassCircularityError
98 - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
99 - PR822: Applets fail to load if jars have different signers
100 - PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null
101 - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails
102 - PR1299: WebStart doesn't read socket proxy settings from firefox correctly
103
104New in release 1.3 (2012-XX-XX):
105* NetX
[418]106 - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen")
107 - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly
[348]108* Plugin
[418]109 - PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp
110 - PR863: Error passing strings to applet methods in Chromium
111 - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass
112 - PR861: Allow loading from non codebase hosts. Allow code to connect to hosting server
113 - PR518: NPString.utf8characters not guaranteed to be nul-terminated
114 - PR722: META-INF/ unsigned entries should be ignored in signing
115 - PR855: AppletStub getDocumentBase() doesn't return full URL
116 - PR1011: Folders treated as jar files in archive tag
117 - PR588: Cookies not written from cookie jar to browser cookies
[429]118 - PR920: Classes attempted to load twice when class extends from outside jar
[418]119* Common
120 - PR918: java applet windows uses a low resulution black/white icon
121 - RH838417: Disambiguate signed applet security prompt from certificate warning
122 - RH838559: Disambiguate signed applet security prompt from certificate warning
123 - RH720836: project can be compiled against GTK+ 2 or 3 librarie
124
125New in release 1.2 (2011-XX-XX):
126* Security updates:
127 - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
128 - RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation
129 - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
130* NetX
131 - PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null error
132 - PR765: JNLP file with all resource jars marked as 'lazy' fails to validate signature and stops the launch of application
133 - PR788: Elluminate Live! is not working
134 - PR804: javaws launcher incorrectly handles file names with spaces
135* Plugin
[348]136 - PR749: sun.applet.PluginStreamHandler#handleMessage(String) really slow
[418]137 - PR782: Support building against npapi-sdk as well
138 - PR838: IcedTea plugin crashes with chrome browser when javascript is executed
139 - PR852: Classloader not being flushed after last applet from a site is closed
140 - RH586194: Unable to connect to connect with Juniper VPN client
[348]141 - RH718693: MindTerm SSH Applet doesn't work
142Common
143 - PR768: Signed applets/Web Start apps don't work with OpenJDK7 and up
[418]144 - PR771: IcedTea-Web certificate verification code does not use the right API
145 - PR742: IcedTea-Web checks certs only upto 1 level deep before declaring them untrusted.
[348]146 - PR769: IcedTea-Web does not work with some ssl sites with OpenJDK7
[418]147 - PR778: Jar download and server certificate verification deadlock
148 - PR789: typo in jrunscript.sh
149 - PR794: IcedTea-Web does not work if a Web Start app jar has a Class-Path element in the manifest
150 - PR808: javaws is unable to start, when missing jars are enumerated before main jar
[348]151 - RH734081: Javaws cannot use proxy settings from Firefox
[418]152 - RH738814: Access denied at ssl handshake
153 - Support for authenticating using client certificates
[348]154
[418]155New in release 1.1 (2011-XX-XX):
156* Security updates
157 - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
158 - RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation
[348]159* New Features
160 - IcedTea-Web now installs to a FHS-compliant location
161 - IcedTea-Web can now handle Proxy Auto Config files
162 - Binary launchers replaced with simple shell scripts
163 - Can now use codebase_lookup=false with applets.
164* Common Fixes and Improvements
165 - PR497: Mercurial revision detection not very reliable
166 - PR638: JNLPClassLoader.loadClass(String name) can return null
167 - RH677772: NoSuchAlgorithmException using SSL/TLS in javaws
168 - PR724: Possible NullPointerException in JNLPClassLoader.getClassPathsFromManifest
169* NetX
170 - Use Firefox's proxy settings if possible
171 - The user's default browser (determined from xdg-open or $BROWSER) is used
172 - RH669942: javaws fails to download version/packed files (missing support for jnlp.packEnabled and jnlp.versionEnabled)
[418]173 - PR464: plugin can now load parameters from jnlp files.
[348]174 - PR658: now jnlp.packEnabled works with applets.
175 - PR726: closing javaws -about no longer throws exceptions.
176 - PR727: cache now properly removes files.
177* Plugin
178 - PR475, RH604061: Allow applets from the same page to use the same classloader
179 - PR612: NetDania application ends on java.security.AccessControlException: access denied (java.util.PropertyPermission browser read)
180 - PR664: Sound doesn't play on runescape.com.
181 - PR721: IcedTeaPlugin.so cannot run g_main_context_iteration on a different thread unless a different GMainContext *context is used
182 - PR735: Firefox 4 sometimes freezes if the applet calls showDocument()
183
184New in release 1.0 (2010-XX-XX):
185
186* Initial release of IcedTea-Web
187* Security updates
188 - RH645843, CVE-2010-3860: IcedTea System property information leak via public static
189 - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
190* Plugin
191 - PR542: Plugin fails with NPE on http://www.openprocessing.org/visuals/iframe.php?visualID=2615
192 - PR552: Support for FreeBSD's pthread implementation
193 - PR554: System.err writes content two times
194 - PR556: Applet initialization code is prone to race conditions
195 - PR557: Applet opens in a separate window if tab is closed when the applet loads
196 - PR565: UIDefaults.getUI fails with jgoodies:looks 2.3.1
197 - PR593: Increment of invalidated iterator in IcedTeaPluginUtils (patch from barbara.xxx1975@libero.it)
198 - PR597: Entities are parsed incorrectly in PARAM tag in applet plugin
199 - PR619: Improper finalization by the plugin can crash the browser
200 - Applets are now double-buffered to eliminate flicker in ones that do heavy drawing
201 - RH665104: OpenJDK Firefox Java plugin loses a cookie
202* NetX
203 - Add a new option -Xclearcache
204 - Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available
205 - PR592: NetX can create invalid desktop entry files
206 - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
207* Control Panel
208 - Modifications to deployments.properties file can now be done through a GUI
Note: See TracBrowser for help on using the repository browser.