From: Michael S. <mi...@st...> - 2013-10-24 07:43:06
Tomas Gustavsson wrote:
> You will just have to try it out, I do not know. EJBCA 5 has been tested
> with JDK 7, that I know. I haven't tested EJBCA 4 myself at least, perhaps
> someone else has?

I'd also like to hear from others how they upgrade their Java installation.

> You should of course make a risk assessment on your particular setup, to
> know the attack vectors on your system. It differs a lot between different
> configurations.

Risk assessment is pretty difficult in this case: Oracle currently still keeps
details secret. The only information we have is that there are two security
issues listed with CVSS v2 Base Score 10.0 which also affect server deployments.

I really wonder how others are dealing with that.

Ciao, Michael.

> "Michael Ströder" <mi...@st...> wrote:
>> Tomas Gustavsson wrote:
>>> It is only Oracle JDK 6 that is eol, open JDK is still supported by RedHat
>>> etc. RedHat have patches for jboss 5 to run with JDK 7, as for EJBCA 4, I
>>> do not know. EJBCA will come with we releases later this year.
>>
>> The RHEL pages for the Java security flaws are:
>>
>> https://access.redhat.com/security/cve/CVE-2013-5830
>> https://access.redhat.com/security/cve/CVE-2013-5782
>>
>> Both list the same errata pages which all mention java-1.7.0-openjdk or
>> java-1.7.0-oracle as security fixes (even for RHEL5).
>>
>> So the big question is whether ejbca 4.0.x runs with e.g.
>> java-1.7.0-openjdk.
>> Maybe I'm not familiar enough with JDK version numbering though.
>>
>> Ciao, Michael.