[ https://jira.jboss.org/jira/browse/RF-8610?page=com.atlassian.jira.plugin... ]
henk de boer commented on RF-8610:
----------------------------------
Nick, is moving this to Future really a good move? It's only a matter of time before
the 'bad guys' discover this vulnerability and start crashing public sites.
Or do you just assume (maybe backed by statistics) that no, or very few, *public* sites
use RichFaces? I.e. that RichFaces is mainly used for intranet apps, and thus not as
vulnerable? Remember that *one* single request may crash a VM and that a few concurrent
requests always kill EVERY SUN VM. As we all know, the majority of people use the Sun VM,
so there is NO escape for this high vulnerability.
Apple or Microsoft would be crucified if it reaches the public that there's a high-risk
vulnerability they have been warned of, but you just move it to "Future"
without comment... I'm not sure if that's the best thing to do really...
ColorConvertOp used in some dynamic resources can cause JVM crash
-----------------------------------------------------------------
Key: RF-8610
URL: https://jira.jboss.org/jira/browse/RF-8610
Project: RichFaces
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: component
Affects Versions: 3.3.3.Final
Reporter: Nick Belaevski
Assignee: Nick Belaevski
Priority: Critical
Fix For: Future
See related forum thread