Embed latest java critical security update (1.8.0.161 or higher) into the next Confluence (sub)version

XMLWordPrintable

    • 2

      Problem Definition

      Current embedded JRE has some vulnerabilities which have been resolved in critical security update Java 1.8.0.161. Many larger companies which have a dedicated security team will ask their Confluence system admin to update the Java version to the new critical security update. Which forces the JIRA system admin to sway away from sticking to the embedded version.

      https://www.java.com/en/download/faq/release_changes.xml

      Suggested Solution

      Test and bundle with the latest Java 1.8.0.161 into the new update of Confluence.

      Workaround 

      If the customer is requested to update Java before a new Confluence release with the required java update comes out, they can update their Java versions manually by following these KB articles;

      Installing JDK

      How to switch from the bundled JRE to System Java when using Confluence as Windows Service

      How to use system Java instead of the bundled JRE

            Assignee:
            Unassigned
            Reporter:
            Wayne Wong
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: