Out of date Java

kenbec · ‎10-17-2008

I run a program called Secunia which checks for vulnerabilities in my system.

It is coming up with a message saying there is a vulnerability because of an out of date version (5.0.120.4) of the Sun Java JRE embedded in the Harmony software/firmware?

I assume Logitech will update this as I can't. Correct?

regards

ken

TV LG 32LC7D; DVD Pioneer DV-400V; PVR Beyonwiz DP-P1; DVD Recorder LG RH2T80.

jdbower · ‎11-30-2007

Eventually it's likely it will be updated, but in the mean time Logitech has implemented it as a closed system. This means that they only need to test with specific JVM releases and since only Logitech's programs should be using that Java install there's no real need to keep things up to date. There was a recent thread regarding their Flash version as well which describes in a lot more detail why the bundled apps are always going to be a bit out of date and why it's not a huge issue. If you search for Secunia and Flash it should come up.

Are you a WannabeFAQreader?

kenbec · ‎10-17-2008

jdbower

Many thanks.

I have marked the thread as solved although I am not too pleased with the idea of having on my computer a version of Java which has been declared as vulnerable.

I read the Flash thread.

Regards,

ken

TV LG 32LC7D; DVD Pioneer DV-400V; PVR Beyonwiz DP-P1; DVD Recorder LG RH2T80.

aBrick · ‎02-17-2008

Just to chime in... This is a horrible practice for software with dependencies on third parties. Though it may "help" Logitech ensure that their applications will work properly, it provides no protection for users that are unaware that there is, what I consider, a rogue installation of a Java version of the software that's now in it's EOL phase-out stages. This practice is completely irresponsible for Logitech and this should be fixed.

kenbec · ‎10-17-2008

jdblower wrote

Eventually it's likely it will be updated, but in the mean time Logitech has implemented it as a closed system. This means that they only need to test with specific JVM releases and since only Logitech's programs should be using that Java install there's no real need to keep things up to date. There was a recent thread regarding their Flash version as well which describes in a lot more detail why the bundled apps are always going to be a bit out of date and why it's not a huge issue. If you search for Secunia and Flash it should come up.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I agree with aBrick

It seems very silly to me for a software developer to "implement as a closed system" (whatever that means) using a product like Java which changes so frequently due to security issues.

I am nervous about the statement "since only Logitech's programs should be using that Java install" since in my view the key word there is "should". I feel sure someone intent on compromising a computer would not pay any attention to Logitech's intention to be the only one using this version of Java.

If I am correct Logitech should make it a principle to update any included software as a matter of priority before any damage is done.

ken

TV LG 32LC7D; DVD Pioneer DV-400V; PVR Beyonwiz DP-P1; DVD Recorder LG RH2T80.

Harmony Remotes - Software/Firmware

Out of date Java

Re: Out of date Java

Re: Out of date Java

Re: Out of date Java

Re: Out of date Java