Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index


On 01/18/2012 05:54 AM, Andreas Säger wrote:
Am 11.01.2012 20:08, Tanstaafl wrote:

It is simply unwise to keep old/exploitable version of java on any system.


There is no technical reason to do so on a Windows system. Under Linux 
there may be a tiny fraction of users like me who face a certain 
performance problem in Base.

Updates are typically multi-OS. Example:
<http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html#PatchTable/>

Scroll down to the 'Appendix - Oracle Java SE' and read:
<quote>
CVSS scores below assume that a user running a Java applet or Java Web
Start application has administrator privileges (typical on Windows).
Where the user does not run with administrator privileges (typical on
Solaris and Linux), the corresponding CVSS impact scores for
Confidentiality, Integrity, and Availability are "Partial" instead of
"Complete", and the corresponding CVSS Base score is 7.5 instead of 10
respectively.
</quote>

Ditto for the October 2011 updates:
<http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html>

And:
http://java.com/en/download/faq/remove_olderversions.xml
<quote>
Should I remove older versions of Java?
We highly recommend users remove all older versions of Java from your
system.
Keeping old and unsupported versions of Java on your system presents a
serious security risk.
Removing older versions of Java from your system ensures that Java
applications will run with the most up-to-date security and performance
improvements on your system.
</quote>

Regarding performance issues, from the same web page:
<quote>
Do I need older versions of Java?
The latest available version is always compatible with the older
versions. However, some Java applications (or applets) can indicate that
they are dependent on a particular version, and may not run if you do
not have that version installed. If an application or web page you
access requires an older version of Java, you should report this to the
provider/developer and request that they update the application to be
compatible with all Java versions.
</quote>

So... run older versions at *your* own risk. Just please do not advise
others to do the same without sufficent warnings.







-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.