[richfaces-issues] [JBoss JIRA] Commented: (RF-8610) ColorConvertOp used in some dynamic resources can cause JVM crash

henk de boer (JIRA) jira-events at lists.jboss.org
Sun May 2 18:42:05 EDT 2010


    [ https://jira.jboss.org/jira/browse/RF-8610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12528547#action_12528547 ] 

henk de boer commented on RF-8610:
----------------------------------

Nick, is moving this to Future really a good move? It's only a matter of time before the 'bad guys' discover this vulnerability and start crashing public sites.

Or do you just assume (maybe backed by statistics) that no, or very few, *public* sites use RichFaces? I.e. that RichFaces is mainly used for intranet apps, and thus not as vulnerable? Remember that *one* single request may crash a VM and that a few concurrent requests always kill EVERY SUN VM. As we all know, the majority of people use the Sun VM, so there is NO escape for this high vulnerability.

Apple or Microsoft would be crucified if it reaches the public that there's a high-risk vulnerability they have been warned of, but you just move it to "Future" without comment... I'm not sure if that's the best thing to do really...

> ColorConvertOp used in some dynamic resources can cause JVM crash
> -----------------------------------------------------------------
>
>                 Key: RF-8610
>                 URL: https://jira.jboss.org/jira/browse/RF-8610
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: component
>    Affects Versions: 3.3.3.Final
>            Reporter: Nick Belaevski
>            Assignee: Nick Belaevski
>            Priority: Critical
>             Fix For: Future
>
>
> See related forum thread

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

