GLASSFISH-15909

New Grizzly integration required for http://java.net/jira/browse/GRIZZLY-970

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.1_b41
    • Fix Version/s: None
    • Component/s: grizzly-kernel
    • Labels:
      None

      Description

      See http://java.net/jira/browse/GRIZZLY-970 for details.

      I've checked the web container code and have found similar logic which I will fix along with the grizzly integration.

        Activity

        Scott Fordin added a comment -

        Added issue to 3.1 Release Notes.

        Chris Kasso added a comment -

        Oracle has issued the following sec alert on this issue:

        http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

        If the customer upgrades to Java Runtime Environment 6 update 24 when it is released they will no longer be vulnerable to this issue. Information about this vulnerability along with how to mitigate it should be included in the Release Notes.

        The fixed version of Grizzly should be incorporated in the first patch released for GF 3.1.

        Ryan Lubke added a comment -

        How bad is its impact? (Severity)
        Identify why the fix needs to occur now:

        • Impacts product security

        How often does it happen? (Frequency)

        • anytime a specially crafted header is sent to the web container

        How much effort is required to fix it? (Cost)

        • minimal

        What is the risk of fixing it? (Risk)

        • minimal

        Does a workaround for the issue exist? Can the workaround be reasonably employed by the end user?

        • none

        If the issue is not fixed should the issue and its workaround (if applicable) be described in the Release Notes?

        How long has the bug existed in the product?

        • It's a JVM issue that's been around for some time. The issue has just recently started getting a lot of press.

        Do regression tests exist for this issue?

        • in Grizzly, not in glassfish.

        Which tests should QA (re)run to verify the fix did not destabilize GlassFish?

        • N/A

        When will a tested fix be ready for integration?

        • 2/9/2011

          People

          • Assignee:
            Ryan Lubke
            Reporter:
            Ryan Lubke
          • Votes:
            0
            Watchers:
            1
