1 files changed, 83 insertions, 0 deletions

diff --git a/java/icedtea-web/files/NEWS.html b/java/icedtea-web/files/NEWS.html
new file mode 100644
index 000000000000..5bb514b546c3
--- /dev/null
+++ b/java/icedtea-web/files/NEWS.html
@@ -0,0 +1,83 @@
+Key:<br>
+<br>
+SX&ensp;&ensp;- <a href="http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X">http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X</a><br>
+PRX - <a href="http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X">http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X</a><br>
+RHX - <a href="https://bugzilla.redhat.com/show_bug.cgi?id=X">https://bugzilla.redhat.com/show_bug.cgi?id=X</a><br>
+DX&ensp;&ensp;- <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X</a><br>
+GX&ensp;&ensp;- <a href="http://bugs.gentoo.org/show_bug.cgi?id=X">http://bugs.gentoo.org/show_bug.cgi?id=X</a><br>
+<br>
+CVE-XXXX-YYYY: <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY</a><br>
+<br>
+<b>New in release 1.5 (2014-04-02):<br></b>
+* IcedTea-Web now using tagsoup as default (tagsoup dependence) sanitizer for input<br>
+* JDK older then 1.5 no longer supported<br>
+* IcedTea-Web is now following XDG .config and .cache specification(RH947647)<br>
+* A console for debugging plugin and javaws<br>
+* Dialogs center on screen before becoming visible<br>
+* Support for u45 and u51 new manifest attributes (Application-Name, Codebase, Permissions, Trusted-only)<br>
+* Custom applet permission policies panel in itweb-settings control panel<br>
+* javaws -version flag<br>
+* New PolicyEditor for easily adding/removing permissions to individual applets<br>
+* Cache Viewer<br>
+&ensp;&ensp;- Can be closed by ESC key<br>
+&ensp;&ensp;- Enabling and disabling of operational buttons is handled properly<br>
+&ensp;&ensp;- Time consuming operations are indicated by a mouse busy cursor<br>
+&ensp;&ensp;- "Size" and "Last Modified" columns display localized data<br>
+* NetX<br>
+&ensp;&ensp;- PR1465 - java.io.FileNotFoundException while trying to download a JAR file<br>
+&ensp;&ensp;- Netx can now parse malformed jnlp files using tagsoup<br>
+&ensp;&ensp;- PR1026 - Apps fail to run because of the nanoxml parser's strict XML validation<br>
+&ensp;&ensp;- PR1473 - javaws should not depend on name of local file<br>
+&ensp;&ensp;- Redesigned About dialogue layout and contents<br>
+&ensp;&ensp;- Console made aware of plugin messages<br>
+* Plugin<br>
+&ensp;&ensp;- PR854: Resizing an applet several times causes 100% CPU load<br>
+&ensp;&ensp;- PR1271: icedtea-web does not handle 'javascript:'-protocol URLs<br>
+&ensp;&ensp;- RH976833: Multiple applets on one page cause deadlock<br>
+&ensp;&ensp;- Pipes moved into XDG_RUNTIME_DIR<br>
+&ensp;&ensp;- Added debug to file<br>
+&ensp;&ensp;- RH1010958: insecure temporary file use flaw in LiveConnect implementation<br>
+* Common<br>
+&ensp;&ensp;- PR1474: Can't get javaws to use SOCKS proxy<br>
+&ensp;&ensp;- Man page for itweb-settings<br>
+* Security Updates<br>
+&ensp;&ensp;- CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet<br>
+<br>
+<b>New in release 1.4 (2013-XX-XX):<br></b>
+* Added cs localization<br>
+* Added de localization<br>
+* Added pl localization<br>
+* Splash screen for javaws and plugin<br>
+* Better error reporting for plugin via Error-splash-screen<br>
+* All IcedTea-Web dialogues are centered to middle of active screen<br>
+* Download indicator made compact for more then one jar<br>
+* User can select its own JVM via itw-settings and deploy.properties.<br>
+* Added extended applets security settings and dialogue<br>
+* Security updates<br>
+&ensp;&ensp;- CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.<br>
+&ensp;&ensp;- CVE-2013-1927, RH884705: fixed gifar vulnerabilit<br>
+&ensp;&ensp;- CVE-2012-3422, RH840592: Potential read from an uninitialized memory location<br>
+&ensp;&ensp;- CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings<br>
+* NetX<br>
+&ensp;&ensp;- PR1027: DownloadService is not supported by IcedTea-Web<br>
+&ensp;&ensp;- PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run<br>
+&ensp;&ensp;- PR1292: Javaws does not resolve versioned jar names with periods correctly<br>
+* Plugin<br>
+&ensp;&ensp;- PR1106: Buffer overflow in plugin table-<br>
+&ensp;&ensp;- PR1166: Embedded JNLP File is not supported in applet tag<br>
+&ensp;&ensp;- PR1217: Add command line arguments for plugins<br>
+&ensp;&ensp;- PR1189: Icedtea-plugin requires code attribute when using jnlp_href<br>
+&ensp;&ensp;- PR1198: JSObject is not passed to javascript correctly<br>
+&ensp;&ensp;- PR1260: IcedTea-Web should not rely on GTK<br>
+&ensp;&ensp;- PR1157: Applets can hang browser after fatal exception<br>
+&ensp;&ensp;- PR580: <a href="http://www.horaoficial.cl/">http://www.horaoficial.cl/</a> loads improperly<br>
+* Common<br>
+&ensp;&ensp;- PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered<br>
+&ensp;&ensp;- PR955: regression: SweetHome3D fails to run<br>
+&ensp;&ensp;- PR1145: IcedTea-Web can cause ClassCircularityError<br>
+&ensp;&ensp;- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7<br>
+&ensp;&ensp;- PR822: Applets fail to load if jars have different signers<br>
+&ensp;&ensp;- PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null<br>
+&ensp;&ensp;- PR909: The Java applet at <a href="http://de.gosupermodel.com/games/wardrobegame.jsp">http://de.gosupermodel.com/games/wardrobegame.jsp</a> fails<br>
+&ensp;&ensp;- PR1299: WebStart doesn't read socket proxy settings from firefox correctly<br>
+<br>