Java Security Patch: /home/Support/LabKey Support Forum

Java Security Patch

LabKey Support Forum

View Message

Java Security Patch

slangley

2012-10-17 10:36

Status: Closed

I see that Oracle released a patch to Java that fixes a number of critical, remotely-exploitable security vulnerabilities.

http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Can you give us a sense of how easily exploitable these might be on LabKey server and what priority should be given to upgrading our Java platform?

Could you run your full test suite using this new Java to determine if it introduces any regressions?

Thanks.

Scott

jeckels responded:	2012-10-17 18:22
Hi Scott, Based on the limited information available about these vulnerabilities, we don't think that LabKey Server is likely to be at risk. However, since we can't prove that it's not affected, we recommend that all installations plan to upgrade their Java installation according to their regular maintenance and upgrade schedules. We regularly update our automated test systems with new third party software, including Java. We haven't done it yet in this particular case, but given the list of changes it seems extremely unlikely that there will be any regressions. Thanks, Josh