Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing
|Summary:||installs insecure java runtime environment|
|Component:||code||Assignee:||AOO issues mailing list <issues>|
|Status:||CONFIRMED ---||QA Contact:|
|Issue Type:||ENHANCEMENT||Latest Confirmation in:||---|
Description kebera 2008-08-02 16:32:37 UTC
Installer does not check if a newer compatible java runtime environment is already installed, and proceeds to install the old one (1.6r4 in this case). I.e., an OOo install introduces a security hole out-of-the-box. This is also a management concern as someone has to duplicate work removing the insecure version. Most users will not even know it should be done.
Comment 1 Olaf Felka 2008-08-03 08:39:38 UTC
known issue *** This issue has been marked as a duplicate of 91582 ***
Comment 2 Olaf Felka 2008-08-03 08:40:06 UTC
Comment 3 gregor.hartmann 2008-08-05 10:34:44 UTC
not duplicate because this requires a check if a newer version is already installed. the root of the duplicate chain only added a new JRE to th instset. Also read comment by kebera in issue 87470
Comment 4 Olaf Felka 2008-08-05 10:52:38 UTC
To prove if there is a newer JRE is is the job of the JAVA team. That is the only solution that makes sense to me. We are just using their JRE. I don't think that we should nag the user with an up popping browser to point him to another JRE. That is something that irritates the user and doesn't help at installation time. What the user expects from an installer is to install now and not leading him to different web pages. At least it has to be pointed out what Java vendores we should check for newer versions?