[FYI] New Java vulnerability

[Pedro Falcão]

Well, not so new, but...

http://threatpost.co...affected-092612

The patch that seems to fix it was already released, as said here:

http://appleinsider.com/articles/13/01/12/oracles-fix-for-zero-day-java-flaw-to-be-available-shortly

Edited January 17, 2013 by Pedro Falcão

[WhiteTreePaladin]

Only affected the java applet inside a browser, not java programs.

[greenknight32]

Only affected the java applet inside a browser, not java programs.

Absolutely correct, not a problem for 0 A.D. Be advised, though, there are still unpatched vulnerabilities in the Java plug-in. Still not our problem..

[historic_bruno]

0 A.D. doesn't use Java, so it wouldn't matter either way Apparently this exploit was quite serious though, we even had the Department of Homeland Security (US government agency) warning people to disable their Java plugins. I rarely seem to need Java when browsing, so I'd be happy to leave it disabled and then enable it in situations where I need it.

[greenknight32]

I'm still groggy from the flu, forgot which forum I'm on (visited the FreeCol forum just before, FreeCol is written in Java). When fully awake, I'm well aware that 0 A.D. uses JavaScript, which is a completely different thing despite the similar names.

Anyway, an exploit for one of the still-unpatched vulnerabilities in Java quickly appeared, and the government is still advising you disable it.