×
We value your feedback! Please click here to access our 2024 Client Survey.
The survey will remain open until November 1st. Your perspective will help guide our product/service planning and goals for the upcoming year and beyond!

Java Security Patch

LabKey Support Forum
Java Security Patch slangley  2012-10-17 10:36
Status: Closed
 
I see that Oracle released a patch to Java that fixes a number of critical, remotely-exploitable security vulnerabilities.

http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Can you give us a sense of how easily exploitable these might be on LabKey server and what priority should be given to upgrading our Java platform?

Could you run your full test suite using this new Java to determine if it introduces any regressions?

Thanks.

Scott
 
 
jeckels responded:  2012-10-17 18:22
Hi Scott,

Based on the limited information available about these vulnerabilities, we don't think that LabKey Server is likely to be at risk. However, since we can't prove that it's not affected, we recommend that all installations plan to upgrade their Java installation according to their regular maintenance and upgrade schedules.

We regularly update our automated test systems with new third party software, including Java. We haven't done it yet in this particular case, but given the list of changes it seems extremely unlikely that there will be any regressions.

Thanks,
Josh