From: Tomas G. <to...@pr...> - 2013-10-24 04:30:19
|
You will just have to try it out, I do not know. EJBCA 5 has been tested with JDK 7, that I know. I haven't tested EJBCA 4 myself at least, perhaps someone else has? You should of course make a risk assessment on your particular setup, to know the attack vectors on your system. It differs a lot between different configurations. Cheers, Tomas "Michael Ströder" <mi...@st...> wrote: >Tomas Gustavsson wrote: >> It is only Oracle JDK 6 that is eol, open JDK is still supported by >RedHat >> etc. RedHat have patches for jboss 5 to run with JDK 7, as for EJBCA >4, I >> do not know. EJBCA will come with we releases later this year. > >The RHEL pages for the Java security flaws are: > >https://access.redhat.com/security/cve/CVE-2013-5830 >https://access.redhat.com/security/cve/CVE-2013-5782 > >Both lists the same errata pages which all mention java-1.7.0-openjdk >or >java-1.7.0-oracle as security fixes (even for RHEL5). > >So the big question is whether ejbca 4.0.x runs with e.g >java-1.7.0-openjdk. >Maybe I'm not familiar enough with JDK version numbering though. > >Ciao, Michael. -- PrimeKey Solutions AB Internet: www.primekey.se Twitter: twitter.com/primekeyPKI Mob: +46 (0)707421096 |