Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-43333

Upgrade bundled Java to 8u101+

XMLWordPrintable

      Oracle's Critical patch update for July includes some "unspecified vulnerability", for example CVE-2016-3552 & CVE-2016-3503, fixes in the "install" component of java that may affect Confluence.

            [CONFSERVER-43333] Upgrade bundled Java to 8u101+

            Richard Atkins added a comment -

            Need to also update joda-time to match

            Richard Atkins added a comment - Need to also update joda-time to match

            David Black added a comment -

            Taking the CVSS score from CVE-2016-3552 -
            CVSS v3 score: 7.4 => High severity

            Exploitability Metrics

            Attack Vector Local
            Attack Complexity High
            Privileges Required None
            User Interaction None

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality High
            Integrity High
            Availability High

            See http://go.atlassian.com/cvss for more details.

            David Black added a comment - Taking the CVSS score from CVE-2016-3552 - CVSS v3 score: 7.4 => High severity Exploitability Metrics Attack Vector Local Attack Complexity High Privileges Required None User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality High Integrity High Availability High See http://go.atlassian.com/cvss for more details.

              fxu Feng Xu (Inactive)
              dblack David Black
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: