CVE Vulnerability Reported on IBM Java 1.8 Version #101
Comments
|
The CVEs are fixed in the next Java releases, which were delayed. Java 7.x (FP75) is due out next week, and Java 8 (FP20) is due out Nov 17 although it will take some extra time for the docker images to get updated. |
|
@pshipton Is the CVE'S are fixed? We are not notified through this ticket. |
|
The Java 7.x releases are available since last week. The Java 8 release is delayed again, there is no firm date, not before Dec 9. |
|
@pshipton Thanks for the update |
|
@pshipton Are we released the Java 8 to fix CVE issues ? I still see the CVE issues on the alpine-java-ibm images |
|
The Java 8 fp20 update (8.0.6.20) has been released, https://www.ibm.com/support/pages/java-sdk-downloads-version-80 I see this APAR was re-targeted for 8.0.6.25, the early February release. The others listed in the description are fixed in fp20. |
@pshipton |
It's expected around Feb 11, with the docker updates to follow. |
Hello Team,
We are noticed below CVE vulnerability on IBM-Alpine-Java8 version, We are using following version details.
java version "1.8.0_261" Java(TM) SE Runtime Environment (build 8.0.6.16 - pxa6480sr6fp16-20200902_01(SR6 FP16)) IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20200901_454898 (JIT enabled, AOT enabled) OpenJ9 - 2799ddf OMR - b348d97 IBM - 5371022) JCL - 20200831_01 based on Oracle jdk8u261-b13Kindly take a look and update the docker image. CVE vulnerability information mentioned on below for your reference.
https://www.ibm.com/support/pages/apar/IJ28908
https://www.ibm.com/support/pages/apar/IJ28903
https://www.ibm.com/support/pages/apar/IJ28905
Regards,
Anand Palani
The text was updated successfully, but these errors were encountered: