Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.9.5
Affects Version/s: 5.9.4
Component/s: Server - Installer / Setup
Labels:

CVSS Score:
6.8
Bug Fix Policy:
View Atlassian Server bug fix policy

Update the bundled version of java to a version >= 1.8u71 (1.8 update 71), which fixes many security issues (http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA).
Included in the security fixes is a fix for CVE-2016-0483 "An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions".

Edit: updating to latest - 1.8.0_74

is related to

CONFSERVER-36165 Disable SSLv3 in outgoing HTTPS connections from Confluence

Closed

JRASERVER-59661 Update Java version bundled found in the installer to a version >= 1.8u71

Closed

relates to

CONFSERVER-38295 Update Java version bundled found in the installer to a version >= 1.8u51

Closed

is blocked by: BUILDENG-10217 Loading...

Assignee:: Denise Unterwurzacher [Atlassian] (Inactive)

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 04/Feb/2016 2:48 AM

Updated:: 12/Aug/2021 11:47 PM

Resolved:: 11/Feb/2016 6:55 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates