Release 1.8.3

AdoptOpenJDK · Aug 2, 2019 · 6b2d518 · 6b2d518
1 parent b611e63
commit 6b2d518
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,9 +1,14 @@
+2019-08-02  George Adams <george@jclarity.com>
+
+        Release changes
+        * configure.ac: (AC_INIT) bumped to 1.8.3
+
 2019-06-26  Jiri Vanek <jvanek@redhat.com>
 
 	All files, except signatures files, are now  checked for signatures - CVE-2019-10181
 	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: (isMetaInfFile) fixed bug, when anything in META-INF was not
 	checked for signature. Now only signature files are skipped
-	* tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java: added tests for check if file should be skipped from 
+	* tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java: added tests for check if file should be skipped from
 	signature check
 
 2019-06-26  Jiri Vanek <jvanek@redhat.com>
@@ -17,7 +22,7 @@
 2019-06-26  Jiri Vanek <jvanek@redhat.com>
 
 	Fixed bug when relative path (..) could leak up (even out of cache) - CVE-2019-10182
-	* netx/net/sourceforge/jnlp/cache/CacheUtil.java: if path or query contains .. is saved to cache via its hash 
+	* netx/net/sourceforge/jnlp/cache/CacheUtil.java: if path or query contains .. is saved to cache via its hash
 	* netx/net/sourceforge/jnlp/util/FileUtils.java: added warning about different behavior on win/linux
 	* tests/netx/unit/net/sourceforge/jnlp/cache/CacheUtilTest.java: added tests for hashing
 	* tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPClassLoaderTest.java:  added test for .. in path. Added test

diff --git a/NEWS b/NEWS
@@ -8,6 +8,12 @@ GX  - http://bugs.gentoo.org/show_bug.cgi?id=X
 
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release 1.8.3 (2019-08-02):
+* Security updates
+  - CVE-2019-10182 - Fixed bug when relative path (..) could leak up (even out of cache)
+  - CVE-2019-10185 - Nested jar, if by relative path point up, is stored as hashed
+  - CVE-2019-10181 - All files, except signatures files, are now  checked for signatures
+
 New in release 1.8.2 (2019-07-15):
 * fix(JNLPFile): location/sourceLocation confusion
 * Fix hang in windows when javaws is launched outside the console
@@ -20,7 +26,7 @@ New in release 1.8.2 (2019-07-15):
 New in release 1.8.1 (2019-05-21):
 * backport deadlock fix from #219
 * handle jnlp filename with space for shortcuts (#180)
-* use ico-file instead of png-file as itw-icon and use it as default icon 
+* use ico-file instead of png-file as itw-icon and use it as default icon
 
 New in release 1.8 (2019-03-12):
 * added support for javafx-desc and so allwong run of pure-javafx only applications

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.8.2],[distro-pkg-dev@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.8.3],[distro-pkg-dev@openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile netx.manifest])
 AM_MAINTAINER_MODE([enable])