You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by Udo Schnurpfeil <ud...@schnurpfeil.de> on 2011/02/10 11:59:36 UTC
About the JVM bug with 2.2250738585072012e-00308
Hi,
I've some comments to the JVM bug for the bad number
2.2250738585072012e-00308
(https://issues.apache.org/jira/browse/MYFACES-3024)
The problem occures for values which are "very very low". But the hotfix
also rejects numbers like 2.22507385850720120e-10 which is not so abnormal.
Would it not be better, when the hotfix is configurable (be default
turned on), so that the admin can switch it off, when the JVM bugfix is
applied?
The fix should also be done for 1.2, because many productive systems
using it.
What do you think?
Regards
Udo
Re: About the JVM bug with 2.2250738585072012e-00308
Posted by Mark Struberg <st...@yahoo.de>.
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
LieGrue,
strub
--- On Thu, 2/10/11, Matthias Wessendorf <ma...@apache.org> wrote:
> From: Matthias Wessendorf <ma...@apache.org>
> Subject: Re: About the JVM bug with 2.2250738585072012e-00308
> To: "MyFaces Development" <de...@myfaces.apache.org>
> Date: Thursday, February 10, 2011, 12:16 PM
> Udo,
>
> is there a link to their bug?
>
> pretty interesting that they now fix it for almost
> everything :)
>
> On Thu, Feb 10, 2011 at 1:14 PM, Udo Schnurpfeil <ud...@schnurpfeil.de>
> wrote:
> > BTW: The hotfix from Oracle is for 1.4, 5.0 and 6.0.
> >
> > Regards
> >
> > Udo
> >
> > Am 10.02.11 12:06, schrieb Mark Struberg:
> >>
> >> txs 4 the review!
> >>
> >>> But the hotfix also rejects numbers like
> >>> 2.22507385850720120e-10 which is not so
> abnormal.
> >>
> >> not abnormal but still moderately unlikely.
> >>
> >> I agree for a long term scenario.
> >>
> >> Basically the default should be to disable this
> workaround and to make it
> >> available via configuration. Btw, it seems that
> Oracle finally reacted and
> >> will hopefully ship a fixed JVM 1.6 soon (no help
> for Java5 users of
> >> course).
> >>
> >>> The fix should also be done for 1.2, because
> many
> >>> productive systems using it.
> >>
> >> +1
> >>
> >> LieGrue,
> >> strub
> >>
> >> --- On Thu, 2/10/11, Udo Schnurpfeil<ud...@schnurpfeil.de>
> wrote:
> >>
> >>> From: Udo Schnurpfeil<ud...@schnurpfeil.de>
> >>> Subject: About the JVM bug with
> 2.2250738585072012e-00308
> >>> To: "MyFaces Development"<de...@myfaces.apache.org>
> >>> Date: Thursday, February 10, 2011, 10:59 AM
> >>> Hi,
> >>>
> >>> I've some comments to the JVM bug for the bad
> number
> >>> 2.2250738585072012e-00308
> >>> (https://issues.apache.org/jira/browse/MYFACES-3024)
> >>>
> >>> The problem occures for values which are "very
> very low".
> >>> But the hotfix also rejects numbers like
> >>> 2.22507385850720120e-10 which is not so
> abnormal.
> >>>
> >>> Would it not be better, when the hotfix is
> configurable (be
> >>> default turned on), so that the admin can
> switch it off,
> >>> when the JVM bugfix is applied?
> >>>
> >>> The fix should also be done for 1.2, because
> many
> >>> productive systems using it.
> >>>
> >>> What do you think?
> >>>
> >>> Regards
> >>>
> >>> Udo
> >>>
> >>>
> >>
> >>
> >>
> >
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
Re: About the JVM bug with 2.2250738585072012e-00308
Posted by Matthias Wessendorf <ma...@apache.org>.
Udo,
is there a link to their bug?
pretty interesting that they now fix it for almost everything :)
On Thu, Feb 10, 2011 at 1:14 PM, Udo Schnurpfeil <ud...@schnurpfeil.de> wrote:
> BTW: The hotfix from Oracle is for 1.4, 5.0 and 6.0.
>
> Regards
>
> Udo
>
> Am 10.02.11 12:06, schrieb Mark Struberg:
>>
>> txs 4 the review!
>>
>>> But the hotfix also rejects numbers like
>>> 2.22507385850720120e-10 which is not so abnormal.
>>
>> not abnormal but still moderately unlikely.
>>
>> I agree for a long term scenario.
>>
>> Basically the default should be to disable this workaround and to make it
>> available via configuration. Btw, it seems that Oracle finally reacted and
>> will hopefully ship a fixed JVM 1.6 soon (no help for Java5 users of
>> course).
>>
>>> The fix should also be done for 1.2, because many
>>> productive systems using it.
>>
>> +1
>>
>> LieGrue,
>> strub
>>
>> --- On Thu, 2/10/11, Udo Schnurpfeil<ud...@schnurpfeil.de> wrote:
>>
>>> From: Udo Schnurpfeil<ud...@schnurpfeil.de>
>>> Subject: About the JVM bug with 2.2250738585072012e-00308
>>> To: "MyFaces Development"<de...@myfaces.apache.org>
>>> Date: Thursday, February 10, 2011, 10:59 AM
>>> Hi,
>>>
>>> I've some comments to the JVM bug for the bad number
>>> 2.2250738585072012e-00308
>>> (https://issues.apache.org/jira/browse/MYFACES-3024)
>>>
>>> The problem occures for values which are "very very low".
>>> But the hotfix also rejects numbers like
>>> 2.22507385850720120e-10 which is not so abnormal.
>>>
>>> Would it not be better, when the hotfix is configurable (be
>>> default turned on), so that the admin can switch it off,
>>> when the JVM bugfix is applied?
>>>
>>> The fix should also be done for 1.2, because many
>>> productive systems using it.
>>>
>>> What do you think?
>>>
>>> Regards
>>>
>>> Udo
>>>
>>>
>>
>>
>>
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
Re: About the JVM bug with 2.2250738585072012e-00308
Posted by Mark Struberg <st...@yahoo.de>.
but do they release 1.2 and 5.0 also to the public, or only to paying customers?
LieGrue,
strub
--- On Thu, 2/10/11, Udo Schnurpfeil <ud...@schnurpfeil.de> wrote:
> From: Udo Schnurpfeil <ud...@schnurpfeil.de>
> Subject: Re: About the JVM bug with 2.2250738585072012e-00308
> To: "MyFaces Development" <de...@myfaces.apache.org>
> Date: Thursday, February 10, 2011, 12:14 PM
> BTW: The hotfix from Oracle is for
> 1.4, 5.0 and 6.0.
>
> Regards
>
> Udo
>
> Am 10.02.11 12:06, schrieb Mark Struberg:
> > txs 4 the review!
> >
> >> But the hotfix also rejects numbers like
> >> 2.22507385850720120e-10 which is not so abnormal.
> > not abnormal but still moderately unlikely.
> >
> > I agree for a long term scenario.
> >
> > Basically the default should be to disable this
> workaround and to make it available via configuration. Btw,
> it seems that Oracle finally reacted and will hopefully ship
> a fixed JVM 1.6 soon (no help for Java5 users of course).
> >
> >> The fix should also be done for 1.2, because many
> >> productive systems using it.
> > +1
> >
> > LieGrue,
> > strub
> >
> > --- On Thu, 2/10/11, Udo Schnurpfeil<ud...@schnurpfeil.de>
> wrote:
> >
> >> From: Udo Schnurpfeil<ud...@schnurpfeil.de>
> >> Subject: About the JVM bug with
> 2.2250738585072012e-00308
> >> To: "MyFaces Development"<de...@myfaces.apache.org>
> >> Date: Thursday, February 10, 2011, 10:59 AM
> >> Hi,
> >>
> >> I've some comments to the JVM bug for the bad
> number
> >> 2.2250738585072012e-00308 (https://issues.apache.org/jira/browse/MYFACES-3024)
> >>
> >> The problem occures for values which are "very
> very low".
> >> But the hotfix also rejects numbers like
> >> 2.22507385850720120e-10 which is not so abnormal.
> >>
> >> Would it not be better, when the hotfix is
> configurable (be
> >> default turned on), so that the admin can switch
> it off,
> >> when the JVM bugfix is applied?
> >>
> >> The fix should also be done for 1.2, because many
> >> productive systems using it.
> >>
> >> What do you think?
> >>
> >> Regards
> >>
> >> Udo
> >>
> >>
> >
> >
> >
>
Re: About the JVM bug with 2.2250738585072012e-00308
Posted by Udo Schnurpfeil <ud...@schnurpfeil.de>.
BTW: The hotfix from Oracle is for 1.4, 5.0 and 6.0.
Regards
Udo
Am 10.02.11 12:06, schrieb Mark Struberg:
> txs 4 the review!
>
>> But the hotfix also rejects numbers like
>> 2.22507385850720120e-10 which is not so abnormal.
> not abnormal but still moderately unlikely.
>
> I agree for a long term scenario.
>
> Basically the default should be to disable this workaround and to make it available via configuration. Btw, it seems that Oracle finally reacted and will hopefully ship a fixed JVM 1.6 soon (no help for Java5 users of course).
>
>> The fix should also be done for 1.2, because many
>> productive systems using it.
> +1
>
> LieGrue,
> strub
>
> --- On Thu, 2/10/11, Udo Schnurpfeil<ud...@schnurpfeil.de> wrote:
>
>> From: Udo Schnurpfeil<ud...@schnurpfeil.de>
>> Subject: About the JVM bug with 2.2250738585072012e-00308
>> To: "MyFaces Development"<de...@myfaces.apache.org>
>> Date: Thursday, February 10, 2011, 10:59 AM
>> Hi,
>>
>> I've some comments to the JVM bug for the bad number
>> 2.2250738585072012e-00308 (https://issues.apache.org/jira/browse/MYFACES-3024)
>>
>> The problem occures for values which are "very very low".
>> But the hotfix also rejects numbers like
>> 2.22507385850720120e-10 which is not so abnormal.
>>
>> Would it not be better, when the hotfix is configurable (be
>> default turned on), so that the admin can switch it off,
>> when the JVM bugfix is applied?
>>
>> The fix should also be done for 1.2, because many
>> productive systems using it.
>>
>> What do you think?
>>
>> Regards
>>
>> Udo
>>
>>
>
>
>
Re: About the JVM bug with 2.2250738585072012e-00308
Posted by Mark Struberg <st...@yahoo.de>.
txs 4 the review!
> But the hotfix also rejects numbers like
> 2.22507385850720120e-10 which is not so abnormal.
not abnormal but still moderately unlikely.
I agree for a long term scenario.
Basically the default should be to disable this workaround and to make it available via configuration. Btw, it seems that Oracle finally reacted and will hopefully ship a fixed JVM 1.6 soon (no help for Java5 users of course).
> The fix should also be done for 1.2, because many
> productive systems using it.
+1
LieGrue,
strub
--- On Thu, 2/10/11, Udo Schnurpfeil <ud...@schnurpfeil.de> wrote:
> From: Udo Schnurpfeil <ud...@schnurpfeil.de>
> Subject: About the JVM bug with 2.2250738585072012e-00308
> To: "MyFaces Development" <de...@myfaces.apache.org>
> Date: Thursday, February 10, 2011, 10:59 AM
> Hi,
>
> I've some comments to the JVM bug for the bad number
> 2.2250738585072012e-00308 (https://issues.apache.org/jira/browse/MYFACES-3024)
>
> The problem occures for values which are "very very low".
> But the hotfix also rejects numbers like
> 2.22507385850720120e-10 which is not so abnormal.
>
> Would it not be better, when the hotfix is configurable (be
> default turned on), so that the admin can switch it off,
> when the JVM bugfix is applied?
>
> The fix should also be done for 1.2, because many
> productive systems using it.
>
> What do you think?
>
> Regards
>
> Udo
>
>