Closed jherwehe closed 7 months ago
This release notes indicates that 17.09 is the baseline security version https://www.oracle.com/java/technologies/javase/21all-relnotes.html
So we are updating to a version within SDK17 - should we be considering an upgrade to SDK21 https://www.oracle.com/java/technologies/downloads/#java17
I will need to test the security update version on the mac, and then also upgrade the release notes.
This release notes indicates that 17.09 is the baseline security version https://www.oracle.com/java/technologies/javase/21all-relnotes.html
So we are updating to a version within SDK17 - should we be considering an upgrade to SDK21 https://www.oracle.com/java/technologies/downloads/#java17
I will need to test the security update version on the mac, and then also upgrade the release notes.
Thanks for providing the links, Liz. I would choose 17.0.9 over 17.0.8, but not sure if updating to SDK21 over SDK17 will involve additional work.
Tony, Please let us know your thoughts on these ? ****
If not too much burden, it would be nice to upgrade to SDK21 over SDK17; seems that we have been lagged behind for a few versions?
Daiwen
Java has been updated in 20231222 builds
Confirmed.
using VERDI_2.1.5_mac_20240103.tar.gz Confirmed that I am seeing the same java version on the mac. cd VERDI_2.1.5/jre/Contents/Home/bin ./java --version java 21.0.1 2023-10-17 LTS Java(TM) SE Runtime Environment (build 21.0.1+12-LTS-29) Java HotSpot(TM) 64-Bit Server VM (build 21.0.1+12-LTS-29, mixed mode, sharing)
Describe the bug High Priority: A Java security vulnerability has been identified in VERDI by ORD/OSIM via a NESSUS scan on my Linux workstation. They have told me that Java should be updated to Java SE 17.0.8 or greater, or I need to delete VERDI from my workstation. Here is the Java version in the recent 20231013 build of VERDI 2.1.4:
[jherwehe@d2626ut7920g ~/verdi/VERDI_2.1.4.20231013/jre/bin]$ ./java --version java 17.0.2 2022-01-18 LTS Java(TM) SE Runtime Environment (build 17.0.2+8-LTS-86) Java HotSpot(TM) 64-Bit Server VM (build 17.0.2+8-LTS-86, mixed mode, sharing
This Java update needs to be completed before releasing VERDI 2.1.5.
To Reproduce Steps to reproduce the above Java version report:
Desktop (please complete the following information):