Closed Bug 598453 Opened 11 years ago Closed 11 years ago
New version of JEP (0.9.7.4), please land on branches
JEP 0.9.7.4 fixes (or works around) a major security hole (see bug 589041), and also fixes two other bugs (which are major annoyances for certain classes of users).

Because I don't want to reveal too much about the security bug before it's been fixed in all current Mozilla releases, I haven't yet formally released JEP 0.9.7.4 (I haven't yet uploaded it to http://javaplugin.sourceforge.net/). That's also why I've marked this bug security sensitive.

I've already emailed copies of the JEP 0.9.7.4 distro to Dan Veditz and Christian Legnitto. I can also email copies to others who wish to test it (its size is about 4MB).

JEP 0.9.7.4 needs to be landed on the current branches (1.9.2 and 1.9.1) soon -- before the 126.96.36.199 and 188.8.131.52 branch code freeze (currently scheduled for 2010-09-28). It should probably also be landed on the 1.9.0 branch (as JEP 0.9.7.3 was), so Camino can pick it up (Smokey may have more to say about this).

Those who want to try the new version right away will need to install it "over" the older versions currently bundled with Mozilla.org browsers. I recommend doing the following. Note that these instructions have changed from what I used to recommend. This is because Apple made changes in their most recent Java Updates (on OS X 10.5.X and 10.6.X) that cause the previous instructions to no longer work properly.

For each of the browser binaries you wish to update:

1) Control-click (or right-click) on the browser binary and choose "Show Package Contents".
2) Browse to the Contents/MacOS/plugins folder and delete JavaEmbeddingPlugin.bundle and MRJPlugin.plugin.
3) Drag copies of the new Java Embedding Plugin binaries to the Contents/MacOS/plugins folder.
Steven, can you mail me a copy, too (at this address), so I can take it for a spin in Camino? As Steven mentioned, we will want this on 1.9.0 for our next Camino release (we'd like to have our RC built by end-of-month, but we're still blocked on a couple of our own bugs, so the final timeline is still a bit murky). Assuming the new JEP lands simultaneously on 1.9.1 and 1.9.2, it would be great if it could land on 1.9.0 with them.
Attachment #477289 - Flags: approval1.9.0.next? → approval1.9.0.next+
Approved for the branches.
Landed on the 1.9.2 branch: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/06dbab839a94
Landed on the 1.9.1 branch: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/68d3084c0bcb
Landed on the 1.9.0 branch:

Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Info.plist;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Info.plist,v <-- Info.plist
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin,v <-- JavaEmbeddingPlugin
new revision: 1.24; previous revision: 1.23
done
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/English.lproj/InfoPlist.strings;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/English.lproj/InfoPlist.strings,v <-- InfoPlist.strings
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar,v <-- JavaEmbeddingPlugin.jar
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Info.plist;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Info.plist,v <-- Info.plist
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin,v <-- MRJPlugin
new revision: 1.24; previous revision: 1.23
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar,v <-- MRJPlugin.jar
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/MRJPlugin.rsrc;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/MRJPlugin.rsrc,v <-- MRJPlugin.rsrc
new revision: 1.19; previous revision: 1.18
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/English.lproj/InfoPlist.strings;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/English.lproj/InfoPlist.strings,v <-- InfoPlist.strings
new revision: 1.23; previous revision: 1.22
done
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Since this bug is not _in_ the JEP but is about landing code in Gecko, I'm changing the product so I can set the branch status flags appropriately
Assignee: smichaud → blackconnect
Component: Java (Java Embedding Plugin) → Java-Implemented Plugins
Product: Plugins → Core
QA Contact: jep-java → blackconnect
(In reply to comment #7)
> Since this bug is not _in_ the JEP but is about landing code in Gecko, I'm
> changing the product so I can set the branch status flags appropriately

You join the list of people wanting bug 584632 to actually get fixed ;)
Assignee: blackconnect → smichaud
Component: Java-Implemented Plugins → Plug-ins
QA Contact: blackconnect → plugins
I'm wondering if this bug needs an advisory for the 184.108.40.206 and 220.127.116.11 releases. I'm also unclear why it's marked sg:high when it blocks a sg:critical bug.
Depends on: 607678
Unfortunately, this seems to have broken popular game sites Yahoo! Games and pogo.com, which are apparently not the kinds of Java applets/sites that any of us test against :( See bug 607678.
Depends on: 606737
Now that this bug is no longer marked security-sensitive, I'll formally release JEP 0.9.7.4 pretty soon -- possibly this weekend.