![]() And ColdFusion 20 (the currently supported CF versions) do NOT yet support Java 17. While Java 17 is indeed a new long-term support release for Java, so too are Java 8 and 11 still LTS releases.You can expect a notification warning you about that soon, if you have not already gotten one. If you use Pete Freitag's wonderful Hackm圜F service, he too has already updated his service to detect if you are not yet running the updated versions of either Java 8 or 11.Thanks for that quick response, Adobe! (In the past, it's taken days or even weeks, causing a lot of confusion and heartburn.) The Adobe downloads page does indeed already have the downloads today for Java 11.0.14 and 1.8.0_321.Since the focus of my blog and work is indeed mostly focused on those using Adobe ColdFusion, I will clarify for them that: News for my CF audience (you CAN get the Java updates from Adobe now, you should NOT for now use Java 17) If you are not using Adobe ColdFusion, you can skip the next section. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs." It's not clear to me how to read this relative to the use of Java as underlying ColdFusion.)įinally, see the listing of specific bug fixes in each update, as offered in a link at the bottom of those update technotes for each release above. (And note that in both pages, they indicate that the vulnerability addressed by the security fix for this Java version, " applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Both those documents cover all Oracle products, but I have linked to the Java-specific sections of the pages. Second, see the Java security fixes in these Jan 2022 updates, and a more elaborated discussion of these Java security issues. The new updates are 1.8.0_321, (aka 8u321), 11.0.14, and 17.0.2, respectively).įor more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.įinding more info on these Jan 2022 Java updatesįirst, see the technotes for each of 1.8.0_321, 11.0.14, and 17.0.2. ![]() (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) I'd shared the news in a tweet last week, but was delayed in getting this post out. ![]() New JVM updates have been released last week (Jan 18, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |