Details

    • Type: Bug
    • Status: Resolved
    • Priority: 2 Major
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.2
    • Component/s: Build
    • Labels:
      None
    • Terracotta Target:
      BigMemory Max 4.0.2
    • Fixed In Revision:
      2325

      Description

      In older releases we had jar files such as:

      • quartz-all-2.1.7.jar (with everything)
      • quartz-2.1.7.jar (with only core stuff)
      • quartz-jboss-2.1.7.jar (with the jboss related extensions)
      • quartz-oracle-2.1.7.jar (with the oracle related extensions)
      • quartz-weblogic-2.1.7.jar (weblogic stuff)
      • etc.

      For 2.2.0 we will move to the following:

      • quartz-2.2.0.jar (with everything excepting the out-of-the-box jobs)
      • quartz-jobs-2.2.0.jar (with the out-of-the-box jobs)

      The out of the box jobs are being separated because some of them can pose security threats to applications that embed quartz and expose functionality to allow users to dynamically define and create jobs - e.g. the NativeJob can be used to execute any command on the host system. Other jobs can be use to send mail/spam, etc..

      Note that this is not always a security risk - just if the application embedding quartz exposes a way for a user to define and schedule arbitrary jobs of any class.

        Attachments

          Activity

            People

            • Assignee:
              hhuynh Hung Huynh
              Reporter:
              jhouse James House
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: