![]() If you are not using Adobe ColdFusion, you can skip the next section. ![]() This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs." It's not clear to me how to read this relative to the use of Java as underlying ColdFusion.)įinally, see the listing of specific bug fixes in each update, as offered in a link at the bottom of those update technotes for each release above. (And note that in both pages, they indicate that the vulnerability addressed by the security fix for this Java version, " applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Both those documents cover all Oracle products, but I have linked to the Java-specific sections of the pages. Second, see the Java security fixes in these Jan 2022 updates, and a more elaborated discussion of these Java security issues. The new updates are 1.8.0_321, (aka 8u321), 11.0.14, and 17.0.2, respectively).įor more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.įinding more info on these Jan 2022 Java updatesįirst, see the technotes for each of 1.8.0_321, 11.0.14, and 17.0.2. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) I'd shared the news in a tweet last week, but was delayed in getting this post out. ![]() New JVM updates have been released last week (Jan 18, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17.
0 Comments
Leave a Reply. |