Re: xalan_2.7.1 flagged for possible security violation [message #1220647 is a reply to message #1220643]
Thu, 12 December 2013 20:20
Patrick Rusk
Registered: June 2012
I have looked into this a bit more and am definitely confused by one thing, and slightly concerned about it, too.
The jar referenced in that directory is called "org.apache.xalan_2.7.1.v201005080400.jar", which is the exact name of the standard plug-in that is found in, say, the Eclipse IDE for Java EE Developers (4.3.1) plugins directory. Yet, the jar downloaded from the Orbit site is two bytes larger, and a binary diff shows tons of differences.
That could certainly be accounted for if someone recompiled the code intentionally and innocently, but why have "v201005080400" in there, rather than the date and time of the actual recompile?
Again, I could think of potentially innocent reasons to do that, but is there any chance that someone has deliberately constructed a mischievous file and put it there?
If the file on the Orbit site was an identical binary, I would definitely regard this as a false positive. I was pretty surprised that it wasn't identical.
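One way to make the comparison described in this post more informative, as an added example that is not part of the original post and not Eclipse or Orbit tooling: compare the two jars entry by entry instead of as raw bytes. A jar is a zip, and a rebuild of identical sources usually differs in entry timestamps, entry order and other zip metadata, so a byte-level diff reports many differences even when no class has changed; hashing each entry's decompressed content separates harmless repackaging from altered code. The jar contents and class names below are constructed for the demonstration and are not the real Xalan artifact.

```python
"""Compare two jar files entry by entry rather than as raw bytes.

Added example, not from the forum thread or from Orbit/Eclipse tooling.
"""
import hashlib
import io
import zipfile


def entry_digests(jar_bytes):
    """Map each entry name to the SHA-256 of its decompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_jars(jar_a, jar_b):
    """Classify the entries of two jars given as bytes.

    'only_in_a' / 'only_in_b': entry names present in one jar only.
    'changed': entries present in both whose content differs.
    'same': entries present in both with identical content; their zip
    metadata (timestamps, compression) may still differ, which is all a
    raw byte diff can see.
    """
    a, b = entry_digests(jar_a), entry_digests(jar_b)
    common = a.keys() & b.keys()
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in common if a[n] != b[n]),
        "same": sorted(n for n in common if a[n] == b[n]),
    }


def build_jar(entries, date_time):
    """Build an in-memory jar (constructed test data, not a real artifact).

    `entries` maps names to bytes; `date_time` is the zip timestamp tuple
    applied to every entry, so two builds of the same content can be made
    to differ in metadata only.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


# Constructed sample jars with hypothetical class names (not Xalan classes).
_CONTENT = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "org/example/Foo.class": b"\xca\xfe\xba\xbe" + b"\x00" * 16,
    "org/example/Bar.class": b"\xca\xfe\xba\xbe" + b"\x01" * 16,
}

ORIGINAL = build_jar(_CONTENT, date_time=(2010, 5, 8, 4, 0, 0))

# Same content rebuilt with different timestamps: bytes differ, content does not.
REPACKAGED = build_jar(_CONTENT, date_time=(2013, 12, 12, 20, 20, 0))

# One class body altered: this is the case that deserves a closer look.
TAMPERED = build_jar(
    dict(_CONTENT, **{"org/example/Bar.class": b"\xca\xfe\xba\xbe" + b"\x02" * 16}),
    date_time=(2010, 5, 8, 4, 0, 0),
)


if __name__ == "__main__":
    print("raw bytes equal (original vs repackaged):", ORIGINAL == REPACKAGED)
    print("original vs repackaged:", compare_jars(ORIGINAL, REPACKAGED))
    print("original vs tampered:  ", compare_jars(ORIGINAL, TAMPERED))
```

Run against two real jars, the `changed` list is what to inspect (for example by decompiling those classes from both jars); an empty `changed` list with differing raw bytes is consistent with an innocent recompile or repackaging, while it does not by itself prove anything about who did the rebuild.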