Duke v1.2 and below exists to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.
larsga duke