Java News from Friday, September 24, 2004

Version 1.0.8 of the open source Subversion source code control repository has been released to plug a minor security leak. "mod_authz_svn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths....This security issue is not about revealing the contents of protected files: it only reveals metadata about protected areas such as paths and log messages. This may or may not be important to your organization, depending on how you're using path-based authorization, and the sensitivity of the metadata....These issues only affects users of mod_authz_svn, not people using native httpd.conf directives (such as <Limit> or <LimitExcept>) directives to limit general readability on whole repositories." There's also a new release candidate of Subversion 1.1 that includes this fix.

Apple has released the Java 1.4.2 Update 2 to all users via software update. This update "provides improved behavior for applets in Safari, and increased stability for desktop Java applications. Java 1.4.2 Update 2 also includes all the improvements from Java 1.4.2 Update 1. The system will be updated to Java 1.4.2 Update 2. If the system currently has Java 1.4.1, it will be removed. Any previous Java 1.4.2 installation will be completely replaced." Mac OS X 10.3.4 or later is required.