In any case, if you are not using Adobe ColdFusion, you can skip the next section. And CF users, see the next section on the state of support in CF for Java 17.) See the page and FAQ offered there for more specifics. (Before leaving this subject, I should note that some may be interested to hear that Oracle announced in Sep 2021 that Java 17 and above would again be free for commercial use. (And while users of the open source Lucee CFML engine MAY choose to use Oracle's JVM, they are free to use other implementations.) Adobe licenses Oracle Java for use by ColdFusion users. While SOME of what I share in my jvm update notes, like this one, may well apply to those other distributions, I choose here to focus specifically on the Oracle JVM, because that's what's supported by the primary community I support, users of Adobe ColdFusion. What about other JVM distributions besides Oracle?īefore moving on, I want to acknowledge that of course I do realize there are other distributions of Java besides Oracles, from the OpenJDK to alternatives from Azul, Amazon, Microsoft, and others. (As I discuss below, the Adobe ColdFusion team also provides Java downloads for the versions they support.) And while you DO need to sign in there to obtain the download files, an account is free. But do note that while the top of the page offers the LATEST Java versions (Java 17 and above), you will find Java 11 and 8 offered later down the page. Third, see the listing of specific bug fixes included in each update, as offered in a link at the bottom of those update technotes for each release above.Īs for obtaining the Java downloads, you can find all the current versions on this one page. (Note that both those documents cover all Oracle products, but I have linked to the Java-specific sections of the pages.) And as always, see the "notes" offered for each vulnerability, as that may temper the severity. Second, regarding security fixes included, see the Java security fixes in these Jan 2023 updates or Text Form of Risk Matrix for Oracle Java SE. You should look carefully at the note for the version YOU are running. Some changes may be in all versions, while other changes may be only in a specific version/s. Beware a change in the April 2021 JVM update, if you may be skipping over itįinding more info on these Jan 2023 Java updatesįirst, as for what changed in the updates, see the technotes for each of 1.8.0_361, 11.0.18, and 17.0.6, and 19.0.2.Beware a change in the Oct 22 JVM update regarding Java no longer trusting jars signed with SHA-1.News for my CF audience (getting the Java updates from Adobe or Oracle, how to update, why you should NOT for now use Java 17 with CF, etc).What about other JVM distributions besides Oracle?.Finding more info on these Jan 2023 Java updates.For more, see another post I created.įor some folks, that's all they need to hear. Update: After posting this, I learned of some rather surprising implications of a new feature of the new JDK installer, as 11.0.18 or 17.0.6 and later. And as is generally the case with these Java updates, most of them have the same changes and fixes as each other, though not always. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may be a bit overstated. For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.) Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |