Recent Java versions have a cryptography vulnerability allowing attackers to forge certain auth credentials/tokens, including OIDC and SAML. See details here and here.
CiviForm relies on OpenJDK 11, which is not affected by this specific auth issue, but is affected by other CVEs. We should upgrade OpenJDK to a version >11.0.14 to resolve those issues, and notify users to upgrade their CiviForm installations accordingly.
See #2315. This only updates the x86/amd64 version, and does not bump the arm64 version, since it is [not yet available](https://hub.docker.com/r/bellsoft/liberica-openjdk-alpine/tags). arm64 is not urgent (to my knowledge) since it is only used for local Mac M1 development.
* Update OpenJDK to 11.0.14.1
See #2315. This only updates the x86/amd64 version, and does not bump the arm64 version, since it is [not yet available](https://hub.docker.com/r/bellsoft/liberica-openjdk-alpine/tags). arm64 is not urgent (to my knowledge) since it is only used for local Mac M1 development.
* Also update prod Dockerfile
Co-authored-by: bion <bionj@google.com>