Issue 92404

Summary: installs insecure java runtime environment
Product: Installation
Reporter: kebera <kebera>
Component: code
Assignee: AOO issues mailing list <issues>
Status: CONFIRMED ---
QA Contact:
Severity: Trivial
Priority: P3
CC: issues
Version: OOo 2.4.1
Target Milestone: ---
Hardware: PC
OS: Windows, all
Issue Type: ENHANCEMENT
Latest Confirmation in: ---
Developer Difficulty: ---

Description kebera 2008-08-02 16:32:37 UTC
Installer does not check if a newer compatible java runtime environment is
already installed, and proceeds to install the old one (1.6r4 in this case). 
I.e., an OOo install introduces a security hole out-of-the-box.  This is also a
management concern as someone has to duplicate work removing the insecure
version.  Most users will not even know it should be done.

Comment 1 Olaf Felka 2008-08-03 08:39:38 UTC
known issue

*** This issue has been marked as a duplicate of 91582 ***

Comment 2 Olaf Felka 2008-08-03 08:40:06 UTC

Comment 3 gregor.hartmann 2008-08-05 10:34:44 UTC
Not duplicate because this requires a check if a newer version is already
installed. The root of the duplicate chain only added a new JRE to the instset.

Also read comment by kebera in issue 87470 
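
The check asked for above, sketched as an added example (not code from the OOo installer or from anyone in this thread). It assumes the installer has already collected the version strings of installed JREs, that they use the legacy "1.6.0_04" form (taking the "1.6r4" in the description to mean 1.6.0_04), and that any installed version at least as new as the bundled one counts as compatible; all function names are hypothetical.

```python
import re

# Legacy JRE version strings look like "1.6.0_04" or "1.6.0_07-b06".
_JRE_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-.*)?$")


def parse_jre_version(text):
    """Return (major, minor, micro, update), or None if the string is not recognised."""
    m = _JRE_VERSION.match(text.strip())
    if not m:
        return None
    # A missing "_NN" update part is treated as update 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def newest_installed(found_versions):
    """Highest parseable version among the discovered strings, or None."""
    parsed = [v for v in map(parse_jre_version, found_versions) if v is not None]
    return max(parsed, default=None)


def should_install_bundled(bundled, found_versions):
    """True when no installed JRE is at least as new as the bundled one.

    Assumption: "compatible" means version >= bundled; a real installer
    may need a stricter rule (vendor, architecture, family).
    """
    bundled_v = parse_jre_version(bundled)
    if bundled_v is None:
        raise ValueError("unparseable bundled JRE version: %r" % bundled)
    newest = newest_installed(found_versions)
    # Tuples compare numerically, so update 10 sorts after update 7,
    # which a plain string comparison would get wrong.
    return newest is None or newest < bundled_v


if __name__ == "__main__":
    # Constructed sample: versions an installer might find on the machine.
    found = ["1.5.0_15", "1.6.0_07", "garbage"]
    print(should_install_bundled("1.6.0_04", found))         # newer JRE present
    print(should_install_bundled("1.6.0_04", ["1.5.0_15"]))  # only an older JRE
```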

Comment 4 Olaf Felka 2008-08-05 10:52:38 UTC
To prove if there is a newer JRE is the job of the JAVA team. That is the
only solution that makes sense to me. We are just using their JRE. I don't think
that we should nag the user with an up popping browser to point him to another
JRE. That is something that irritates the user and doesn't help at installation
time. What the user expects from an installer is to install now and not leading
him to different web pages.
At least it has to be pointed out what Java vendors we should check for newer