![]() ![]() In any case, if you are not using Adobe ColdFusion, you can skip the next section. And CF users, see the next section on the state of support in CF for Java 17.) ![]() See the page and FAQ offered there for more specifics. (Before leaving this subject, I should note that some may be interested to hear that Oracle announced in Sep 2021 that Java 17 and above would again be free for commercial use. (And while users of the open source Lucee CFML engine MAY choose to use Oracle's JVM, they are free to use other implementations.) Adobe licenses Oracle Java for use by ColdFusion users. What about other JVM distributions besides Oracle?īefore moving on, I want to acknowledge that of course I do realize there are other distributions of Java besides Oracle's, from the OpenJDK to alternatives from Azul, Amazon, Microsoft, and others.Īnd while SOME of what I share in my jvm update notes, like this one, may well apply to those other distributions, I choose here to focus specifically on the Oracle JVM, because that's what's supported by the primary community I support, users of Adobe ColdFusion. (As I discuss below, the Adobe ColdFusion team also provides Java downloads for the versions they support.) And while you DO need to sign in there to obtain the download files, an account is free. ![]() But do note that while the top of the page offers the LATEST Java versions (Java 17 and above), you will find Java 11 and 8 offered later down the page. There may be some change that's important for you.Īs for obtaining the Java downloads, you can find all the current versions on this one page. ![]() Third, see the listing of specific bug fixes included in each update, as offered in a link at the bottom of those update technotes for each release above. (Note that both those documents cover all Oracle products, but I have linked to the Java-specific sections of the pages.) And as always, see the "notes" offered for each vulnerability, as that may temper the severity. Second, regarding security fixes included, see the Java security fixes in these Jul 2023 updates or Text Form of Risk Matrix for Oracle Java SE. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in many resources here as 1.8.) You should look carefully at the note for the version YOU are running. Again, some changes may be in all 4 versions, while other changes may be only in a specific version/s. Here first are those few broad topics about this update in particular and some about applying JVM updates in general.įinding more info on these Jul 2023 Java updatesįirst, as for what changed in the updates, see the technotes for each of 1.8.0_381, 11.0.20, and 17.0.8, and 20.0.2. Beware a change in the April 2021 JVM updateĪbout the update and applying JVM updates in general.Beware a change in the October 2022 JVM update regarding Java no longer trusting jars signed with SHA-1.Beware a change in the January 2023 JVM update regarding the JDK installer.Beware a change in this Jul 2023 JVM update regarding Zip64ExtraFieldValidation.Then several things that you should be aware of, whether about this update or recent JVM updates you may be skipping over: News for my CF audience (getting the Java updates from Adobe or Oracle, how to update, why you should NOT for now use Java 17 with CF, etc).What about other JVM distributions besides Oracle?.Finding more info on these Jul 2023 Java updates.Here are the topics covered in this post, first a few on this update and JVM updates in general: Still, generally folks should seek to keep their JVM updated.) (As for this set of Jul 2023 updates and their security fixes, I will at least note that in terms of their severity, the security bulletin discussed below indicates that all the vulnerabilities are "difficult to exploit". And as is generally the case with these Java updates, most of them have the same changes and fixes across the 4 JVM versions, though not always.įor some folks, that's all they need to hear. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. It's that time again: there are new JVM updates released today (Jul 18, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 20. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |