Provide details about the security changes in p2 and the impact on PDE (#95)
https://github.com/eclipse-equinox/p2/issues/230
https://github.com/eclipse-equinox/p2/issues/235
https://github.com/eclipse-equinox/p2/pull/245
https://github.com/eclipse-equinox/p2/pull/248
diff --git a/4.28/images/TrustArtifactsDialog.png b/4.28/images/TrustArtifactsDialog.png
new file mode 100644
index 0000000..abcb3f7
--- /dev/null
+++ b/4.28/images/TrustArtifactsDialog.png
Binary files differ
diff --git a/4.28/images/TrustArtifactsDialogReject.png b/4.28/images/TrustArtifactsDialogReject.png
new file mode 100644
index 0000000..8471900
--- /dev/null
+++ b/4.28/images/TrustArtifactsDialogReject.png
Binary files differ
diff --git a/4.28/images/TrustAuthoritiesDialog.png b/4.28/images/TrustAuthoritiesDialog.png
new file mode 100644
index 0000000..353e7f7
--- /dev/null
+++ b/4.28/images/TrustAuthoritiesDialog.png
Binary files differ
diff --git a/4.28/images/TrustAuthoritiesPreferences.png b/4.28/images/TrustAuthoritiesPreferences.png
new file mode 100644
index 0000000..d86956f
--- /dev/null
+++ b/4.28/images/TrustAuthoritiesPreferences.png
Binary files differ
diff --git a/4.28/images/TrustRevokedKeyPrompt.png b/4.28/images/TrustRevokedKeyPrompt.png
new file mode 100644
index 0000000..3d59544
--- /dev/null
+++ b/4.28/images/TrustRevokedKeyPrompt.png
Binary files differ
diff --git a/4.28/pde.html b/4.28/pde.html
index ca010a2..5f165f9 100644
--- a/4.28/pde.html
+++ b/4.28/pde.html
@@ -27,6 +27,7 @@
<li><a href="#editors">Editors</a></li>
<li><a href="#APITools">API Tools</a></li>
<li><a href="#pde-compiler">PDE Compiler</a></li>
+ <li><a href="#security">Security</a></li>
</ul>
<!-- ****************** START OF N&N TABLE****************** -->
@@ -84,6 +85,21 @@
<td id="pde-compiler" class="section" colspan="2"><h2>PDE Compiler</h2></td>
</tr>
<!-- ******************** End of PDE Compiler ********************** -->
+
+ <!-- ******************** Security ********************** -->
+ <tr>
+ <td id="security" class="section" colspan="2"><h2>Security</h2></td>
+ </tr>
+ <!-- ******************** End of Security********************** -->
+ <tr id="force-https">
+ <!-- https://github.com/eclipse-equinox/p2/issues/230 -->
+ <td class="title">CVE-2021-41033: Enforce <tt>https</tt> protocol</td>
+ <td class="content">
+ PDE's access to update sites when populating target platforms is affected by the enforcement of <tt>https</tt> access.
+ See the Platform's <a href="Platform.php#force-https">CVE-2021-41033: Enforce <tt>https</tt> protocol</a> section for details.
+ </td>
+ </tr>
+
<tr><td colspan="2"/></tr>
</tbody>
</table>
diff --git a/4.28/platform.html b/4.28/platform.html
index 4133b8c..9f1679e 100644
--- a/4.28/platform.html
+++ b/4.28/platform.html
@@ -27,6 +27,7 @@
<li><a href="#TextEditors">Text Editors</a></li>
<li><a href="#Preferences">Preferences</a></li>
<li><a href="#StylingThemes">Themes and Styling</a></li>
+ <li><a href="#Security">Security</a></li>
<li><a href="#GeneralUpdates">General Updates</a></li>
</ul>
@@ -69,6 +70,125 @@
</tr>
<!-- ******************* End of Themes and Styling ************************************* -->
+ <!-- ******************* Security ************************************* -->
+ <tr>
+ <td id="Security" class="section" colspan="2">
+ <h2>Security</h2>
+ </td>
+ </tr>
+
+ <tr id="force-https">
+ <!-- https://github.com/eclipse-equinox/p2/issues/230 -->
+ <td class="title">CVE-2021-41033: Enforce <tt>https</tt> protocol</td>
+ <td class="content">
+ To address <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41033" target="_blank">CVE-2021-41033</a>,
+ all access to external update sites and their artifacts is forced to use <tt>https</tt>, even when <tt>http</tt> is specified.
+ The following system properties can be used to affect this behavior:
+ <br/>
+ <br/>
+ <ul>
+ <li><code>p2.httpRule</code></li>
+ <ul>
+ <li><code>redirect</code></li>
+ <ul><li><tt>http:// → https://</tt></tt></li></ul>
+ <li><code>allow</code></li>
+ <ul><li><tt>http:// → http://</tt></li></ul>
+ <li><code>block</code></li>
+ <ul><li><tt>http:// → </tt>fail</li></ul>
+ </ul>
+ <li><code>p2.ftpRule</code></li>
+ <ul>
+ <li><code>redirect</code></li>
+ <ul><li><tt>ftp:// → ftps://</tt></li></ul>
+ <li><code>allow</code></li>
+ <ul><li><tt>ftp:// → ftp://</tt></li></ul>
+ <li><code>block</code></li>
+ <ul><li><tt>ftp:// → </tt>fail</li></ul>
+ </ul>
+ </ul>
+ <p>
+ Adding the line <code>-Dp2.httpRule=allow</code> as the last line of the <code>eclipse.ini</code> can be used to restore the previous behavior.
+ This can be relevant inside a corporate environment where the firewall may introduce certificates into the network traffic that are not recognized by the cacerts of the Java runtime,
+ i.e., this may be used to avoid "PKIX path validation failed" exceptions that can otherwise be fixed only by importing the firewall certificate into the Java runtime's cacerts.
+ </p>
+ </td>
+ </tr>
+
+ <tr id="trusted-authorities">
+ <!-- https://github.com/eclipse-equinox/p2/issues/235 -->
+ <td class="title">CVE-2021-41037: Track trusted hosts</td>
+ <td class="content">
+ To address <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41037" target="_blank">CVE-2021-41037</a>,
+ all access to external update sites and their artifacts during installation and updates is tracked and reported so that you are made aware of the source of the content being installed and can decide whether to trust content from that source.
+ This provides an additional level of security in addition to the signing of artifacts.
+ Simply installing content, even without actually installing any associated artifacts, can in general reconfigure the installation and that could potentially be used for malicious purposes.
+ Also, simply because an artifact is signed, doesn't imply the artifact is necessarily trustworthy.
+ It is important to take into account the source of installed content before installing that content.
+ <p>
+ When installing new content as well as when installing updates,
+ the following <b>Trust Authorities</b> dialog is displayed showing the sites that have been contacted,
+ details about those sites,
+ and details about the specific content being installed from each site:
+ </p>
+ <p>
+ <img src="images/TrustAuthoritiesDialog.png" alt="Trust Authorities Dialog" style="max-width: 100%;"/>
+ </p>
+ <p>
+ All content must originate from sites explicitly accepted as trusted before installation proceeds and before library artifacts are downloaded.
+ The trusted authorities can be remembered in the preferences to avoid being prompted repeatedly for authorities that have already been considered as trusted.
+ Those recorded preferences are available for review and modification via the <b>Authorities</b> tab of the <b>Install/Update → Trust</b> preferences:
+ </p>
+ <p>
+ <img src="images/TrustAuthoritiesPreferences.png" alt="Trusted Authorities Preferences" style="max-width: 100%;"/>
+ </p>
+ <p>
+ The system property <code>p2.trustedAuthorities</code> can be used to specify a (comma or space separated) list of authorities considered trusted.
+ The default value is effectively <code>-Dp2.trustedAuthorities=https://download.eclipse.org,https://archive.eclipse.org</code>,
+ but product providers may set it differently in their product's <code>eclipse.ini</code>.
+ </p>
+ </td>
+ </tr>
+
+ <tr id="pgp-revocation">
+ <!-- https://github.com/eclipse-equinox/p2/pull/245 -->
+ <td class="title">PGP Key Revocation Handling</td>
+ <td class="content">
+ In the event that a PGP key is compromised, the key may be revoked.
+ Artifacts signed before the revocation date are generally still valid,
+ but an attacker can create back-dated signatures.
+ Therefore, any artifact signed with a revoked key,
+ and any internal exception that occurs while processing the revocation information of the key,
+ will result in that artifact being treated as a suspicious artifact,
+ leading to a <b>Trust Artifacts</b> prompt:
+ <p>
+ <img src="images/TrustArtifactsDialog.png" alt="Trust Artifacts Dialog" style="max-width: 100%;"/>
+ </p>
+ <p>
+ You may still choose to install such content, but you will be reminded of the risk:
+ </p>
+ <p>
+ <img src="images/TrustRevokedKeyPrompt.png" alt="Trust Revoked Key Prompt" style="max-width: 100%;"/>
+ <p>
+ You should consider very carefully the source of the content as <a href="#trusted-authorities">tracked</a> for your review <b>before</b> taking this risk.
+ </p>
+ </td>
+ </tr>
+
+ <tr id="untrusted-artifacts">
+ <!-- https://github.com/eclipse-equinox/p2/pull/248 -->
+ <td class="title">Untrusted Artifact Handling</td>
+ <td class="content">
+ As an extra security precaution, the handling of <b>Cancel</b> for the <b>Trust Artifacts</b> dialog has been modified:
+ <p>
+ <img src="images/TrustArtifactsDialogReject.png" alt="Trust Artifacts Dialog Reject" style="max-width: 100%;"/>
+ </p>
+ In particular, if you choose to reject the content,
+ i.e., if you press <b>Cancel</b> or close the dialog,
+ any of the prompted artifacts that have been downloaded during the current install or update operation will be removed from disk to avoid caching of untrusted artifacts.
+ </td>
+ </tr>
+ <!-- ******************* End of Security ************************************* -->
+
<!-- ******************* General Updates ************************************* -->
<tr>
<td id="GeneralUpdates" class="section" colspan="2">
@@ -80,8 +200,8 @@
<!-- https://github.com/eclipse-platform/eclipse.platform.debug/pull/122 -->
<td class="title">Launch/Debug context menus directly shows relevant launch configurations</td>
<td class="content">
- In the "Run As/Debug As" context-menus, the shortcuts that can resolve directly to 1 or several
- launch configurations (ie shortcuts which implement <code>ILaunchShortcut2</code>) are replaced by
+ In the "Run As/Debug As" context-menus, the shortcuts that can resolve directly to 1 or more
+ launch configurations (i.e., shortcuts which implement <code>ILaunchShortcut2</code>) are replaced by
the resolved launch directly.
<p>This allows to more directly know which launch configuration will be used for the Run or Debug
session so it will be easier to identify it afterwards if you intend to tweak it. It is also useful
diff --git a/index.html b/index.html
index 6a7b328..332eca6 100644
--- a/index.html
+++ b/index.html
@@ -14,6 +14,17 @@
This page links to the recent new and noteworthy changes in the Eclipse SDK project.
</p>
+ <p>2023-06 (4.28) release:</p>
+
+ <blockquote>
+ <ul>
+ <li><a href="4.28/platform.php">New features in the Platform and Equinox</a></li>
+ <li><a href="4.28/jdt.php">New features for Java developers</a></li>
+ <li><a href="4.28/platform_isv.php">New APIs in the Platform and Equinox</a></li>
+ <li><a href="4.28/pde.php">New features for plug-in developers</a></li>
+ </ul>
+ </blockquote>
+
<p>2023-03 (4.27) release:</p>
<blockquote>
