Is there any reason not to use the latest version 1.5.0? Has anyone used 1.5.0? Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+ Network Administrator -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig http://thethin.net Sent: Tuesday, March 08, 2005 12:38 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] KB: CTX105845 - MetaFrame Presentation Server installs a JRE with a known security vulnerability CTX105845 - MetaFrame Presentation Server installs a JRE with a known security vulnerability This document was published at: http://support.citrix.com/kb/entry.jspa?externalID=CTX105845 Document ID: CTX105845, Created on: Feb 11, 2005, Updated: Mar 8, 2005 Products: Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame XP 1.0 for Microsoft Windows 2003, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix MetaFrame XP 1.0 for Microsoft NT 4.0 Server Terminal Server Edition Severity: Medium Description of Problem Some versions of MetaFrame Presentation Server for Windows install a JRE with a known security vulnerability. For more details on the JRE security vulnerability please refer to the following document: <http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1> http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 This problem affects the following versions of MetaFrame Presentation Server for Windows: o 1.0 - all languages / platforms. o 1.0 FR1 - all languages / platforms. o 1.0 FR2 - all languages / platforms. o 1.0 FR3 - all languages / platforms. o 3.0 - all languages / platforms. What Customers Should Do Citrix recommends that all customers using affected versions should follow the instructions in the above document and upgrade the JRE to version 1.4.2_06. If any third-party applications have a dependency on the existing JRE then customers should consider performing an appropriate level of compatibility testing with the new JRE before deploying it in a production environment. What Citrix Is Doing Citrix is proactively notifying customers and channel partners about this potential security issue. An article containing the information in this bulletin is available from the Citrix Knowledge Base at <http://support.citrix.com/> http://support.citrix.com/. Obtaining Support on this Issue If you require technical assistance with this issue, please contact Citrix Technical Support. Information for contacting Citrix Technical Support is available at <http://support.citrix.com/> http://support.citrix.com/. Reporting Security Vulnerabilities to Citrix Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities very seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@xxxxxxxxxx containing the exact version of the product in which the vulnerability was found and steps to reproduce the vulnerability.