Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-54108

Embed latest java critical security update (1.8.0.161 or higher) into the next Confluence (sub)version

XMLWordPrintable

    • 2
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Current embedded JRE has some vulnerabilities which have been resolved in critical security update Java 1.8.0.161. Many larger companies which have a dedicated security team will ask their Confluence system admin to update the Java version to the new critical security update. Which forces the JIRA system admin to sway away from sticking to the embedded version.

      https://www.java.com/en/download/faq/release_changes.xml

      Suggested Solution

      Test and bundle with the latest Java 1.8.0.161 into the new update of Confluence.

      Workaround 

      If the customer is requested to update Java before a new Confluence release with the required java update comes out, they can update their Java versions manually by following these KB articles;

      Installing JDK

      How to switch from the bundled JRE to System Java when using Confluence as Windows Service

      How to use system Java instead of the bundled JRE

              Unassigned Unassigned
              wwong Wayne Wong
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: