0 Replies Latest reply on Mar 12, 2008 1:46 PM by BWolfe [ADOBE]

    [ADOBE ANNOUNCE] Preparing for upcoming April 2008 Flash Player 9 security update

    BWolfe [ADOBE] Level 3
      Flash Player team is doing some 'pre-communication' around the security changes in the -next- version of Flash Player, releasing in April 2008.

      So we're starting with some blog posts, articles and technotes so that these changes can spread to the community. There will likely be more than this by release time as well (and new communication will come at that time).

      Blogs:
      Emmy Huang:
      http://weblogs.macromedia.com/emmy/

      Justin Everett-Church:
      http://justin.everett-church.com/


      Developer Center articles:
      "Preparing for the Flash Player 9 April 2008 Security Update" (
      http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html)

      Everyone should read and become familiar with the current article on Flash Player 9.0.115.0's 'phase 1' security changes.. this outlines a lot of what's been changed, and gives you an idea what to think about for the upcoming April release. "Security Changes in Flash Player 9" (v9.0.115.0) at http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html.

      There are a few other articles with specifics about socketpolicyfile handling coming up, but they’re not quite done yet..

      Specific technotes w/ code:
      “Changes in allowScriptAccess default (Flash Player)”
      ( http://www.adobe.com/go/kb403183)

      “Authorization header does not work for an HTTP request (Flash Player)”
      ( http://www.adobe.com/go/kb403184)

      “Arbitrary headers are not sent from Flash Player to a remote domain”
      ( http://www.adobe.com/go/kb403185)

      “Sockets do not function in Flash Player versions later than 9.0.115.0”
      ( http://www.adobe.com/go/kb403186)

      “javascript:" URLs no longer function in networking APIs (Flash Player)”
      ( http://www.adobe.com/go/kb403187)[b technotes w/ code: