Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: 2 Major 2 Major
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.2
    • Component/s: Build
    • Labels:
      None
    • Terracotta Target:
      BigMemory Max 4.0.2
    • Fixed In Revision:
      2325

      Description

      In older releases we had jar files such as:

      • quartz-all-2.1.7.jar (with everything)
      • quartz-2.1.7.jar (with only core stuff)
      • quartz-jboss-2.1.7.jar (with the jboss related extensions)
      • quartz-oracle-2.1.7.jar (with the oracle related extensions)
      • quartz-weblogic-2.1.7.jar (weblogic stuff)
      • etc.

      For 2.2.0 we will move to the following:

      • quartz-2.2.0.jar (with everything excepting the out-of-the-box jobs)
      • quartz-jobs-2.2.0.jar (with the out-of-the-box jobs)

      The out of the box jobs are being separated because some of them can pose security threats to applications that embed quartz and expose functionality to allow users to dynamically define and create jobs - e.g. the NativeJob can be used to execute any command on the host system. Other jobs can be use to send mail/spam, etc..

      Note that this is not always a security risk - just if the application embedding quartz exposes a way for a user to define and schedule arbitrary jobs of any class.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Hung Huynh
            Reporter:
            James House
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: