Apache OpenOffice (AOO) Bugzilla – Issue 113119
Update downloader does not verifiy downloaded files
Last modified: 2017-05-20 11:35:08 UTC
As described in issue 113114, the online update system does not verify a downloaded file. In fact it starts the update installation without any verification of the downloaded file. This should be considered as high security risk and I suggest to disable automatic download and installation of updates until this is fixed.
@ mh: Please decide how to proceed.
set to all OS
additional info regarding issue 113114: Once a wrong file has been downloaded (in case of issue 113114 it was the "File not found" html page), the update mechanism will not request a correct file from the server, even if the server is reconfigured to deliver the correct file. You need to restart search for updates manually to trigger the new download. This behaviour is logical, assuming that we get a correct file for download, but should be reconsidered when we change the download mechanism.
Reset assigne to the default "issues@openoffice.apache.org".