Re: [ide-dev] [eclipse.org-architecture-council] Security flaw in ADT is somehow presented as a flaw in Eclipse IDE
- From: "Max Rydahl Andersen" <manderse@xxxxxxxxxx>
- Date: Wed, 06 Dec 2017 09:10:13 +0100
- Delivered-to: firstname.lastname@example.org
> This piece of news is spreading very fast on social media. As far as I
> understand (and I may be wrong), the security flaw mentioned here
> Eclipse IDE itself but in ADT or some other piece of Android SDK.
> So basically, Eclipse IDE has once again its image hurt by an issue in

All IDEs were hurt. Let's not make it more bleak than it is - also be
issue of XML external entity leaks is not new; it's been known for years
an issue if your XML parsing doesn't guard itself against relative paths.
Now it seems Android toolkit is affected by it too.

> If this happens to be the case, it would be interesting to have the
> Foundation sending a PR to explain that Eclipse IDE itself is fine,
> open for extensions, and that security flaws in extensions are only
> responsibility of extension providers; and warn against this kind of
> message which tends to blame the wrong layer.

I'm sorry but the news seems to be all balanced on this - they state it
affected all major IDEs (which is true) and it needs fixing. Article
it has been fixed, but do we know if Eclipse ADT has been fixed?
On marketplace it's listed as having no updates since 20160-11-07
Question is now if like happened with Eclipse Class Decompiler - if
remove ADT from marketplace ? See