Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-66241

Embed latest java critical security update (1.8.0.171 or higher) into the next JIRA (sub)version

    XMLWordPrintable

Details

    • 17
    • 7
    • Hide
      Atlassian Update – 21 December 2018

      Dear Jira users,

      We’re glad to announce that this issue will be addressed in our upcoming 8.0 release.

      You can find more details about our 8.0 beta release here — https://community.developer.atlassian.com/t/beta-for-jira-8-0-is-up-for-grabs/25588

      Looking forward to your feedback!

      Kind regards,
      Syed Masood
      Product Manager, Jira Server and Data Center

      Show
      Atlassian Update – 21 December 2018 Dear Jira users, We’re glad to announce that this issue will be addressed in our upcoming 8.0 release. You can find more details about our 8.0 beta release here — https://community.developer.atlassian.com/t/beta-for-jira-8-0-is-up-for-grabs/25588 Looking forward to your feedback! Kind regards, Syed Masood Product Manager, Jira Server and Data Center
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem Definition

      Current embedded JRE has some vulnerabilities which have been resolved in critical security update Java 1.8.0.171. Many larger companies which have a dedicated security team will ask their JIRA system admin to update the Java version to the new critical security update. Which forces the JIRA system admin to sway away from sticking to the embedded version.

      https://www.java.com/en/download/faq/release_changes.xml

      Suggested Solution

      Test and bundle with the latest Java 1.8.0.171 into the new update of JIRA.

      Workaround 

      If the customer is requested to update Java before a new JIRA release with the required java update comes out, they can update their Java versions manually by following these KB articles;

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-67824 Update JDK for Enterprise release to get fix for JDK-8144566: 'Custom HostnameVerifier disables SNI extension'

          • Low - Low priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-65102 Update bundled Apache Tomcat due to security vulnerabilities

          • Low - Low priority issues
          • Closed

          Suggestion - CONFSERVER-54108 Embed latest java critical security update (1.8.0.161 or higher) into the next Confluence (sub)version

          • Closed

          RAID-908 Loading...

          is related to

          BDEV-14523 Loading...

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              psuwala ΞΔ (Inactive)
              sdegroot@atlassian.com Steven de Groot
              Votes:
              7 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: