[Engine-devel] Secret quartz update checks
Juan Hernandez
jhernand at redhat.com
Mon Feb 25 14:39:21 UTC 2013
On 02/25/2013 03:14 PM, Juan Hernandez wrote:
> On 02/25/2013 03:13 PM, Doron Fediuck wrote:
>> Hi,
>> While deploying a development setup in a new machine I noticed the following quartz line:
>>
>> 2013-02-25 16:10:28,546 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed "engine.ear"
>> 2013-02-25 16:10:30,143 INFO [org.quartz.utils.UpdateChecker] (Timer-1) New Quartz update(s) found: 2.1.6 [http://www.terracotta.org/kit/reflector?kitID=default&pageID=QuartzChangeLog]
>>
>> This is suggesting that quartz is reaching out to verify on new updates.
>> Do we really need it?
>> Do we really want it?
>>
>
> Yes, it is indeed calling home, which is bad from the security point of
> view. We must disable it.
>
The following patch should avoid that, I appreciate if you can review
and test it:
http://gerrit.ovirt.org/12411
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
More information about the Devel
mailing list