Issue 92404 - installs insecure java runtime environment
Summary: installs insecure java runtime environment
Alias: None
Product: Installation
Classification: Application
Component: code (show other issues)
Version: OOo 2.4.1
Hardware: PC Windows, all
: P3 Trivial (vote)
Target Milestone: ---
Assignee: AOO issues mailing list
QA Contact:
Depends on:
Reported: 2008-08-02 16:32 UTC by kebera
Modified: 2013-02-07 22:39 UTC (History)
1 user (show)

See Also:
Latest Confirmation in: ---
Developer Difficulty: ---


Note You need to log in before you can comment on or make changes to this issue.
Description kebera 2008-08-02 16:32:37 UTC
Installer does not check if a newer compatible java runtime environment is
already installed, and proceeds to install the old one (1.6r4 in this case). 
I.e., an OOo install introduces a security hole out-of-the-box.  This is also a
management concern as someone has to duplicate work removing the insecure
version.  Most users will not even know it should be done.
Comment 1 Olaf Felka 2008-08-03 08:39:38 UTC
known issue

*** This issue has been marked as a duplicate of 91582 ***
Comment 2 Olaf Felka 2008-08-03 08:40:06 UTC
Comment 3 gregor.hartmann 2008-08-05 10:34:44 UTC
not duplicate because this requires a check if a newer version is already
installed. the root of the duplicate chain only added a new JRE to th instset.

Also read comment by kebera in issue 87470 

Comment 4 Olaf Felka 2008-08-05 10:52:38 UTC
To prove if there is a newer JRE is is the job of the JAVA team. That is the
only solution that makes sense to me. We are just using their JRE. I don't think
that we should nag the user with an up popping browser to point him to another
JRE. That is something that irritates the user and doesn't help at installation
time. What the user expects from an installer is to install now and not leading
him to different web pages.
At least it has to be pointed out what Java vendores we should check for newer