Patch for JAVA vulnerabilities

Post by Steve Rowe »

Hi,

It may have passed some people by, but the last two releases for 10.2 and 10.2.2 contain some patches for vulnerabilities in JAVA, as listed here.

Not being a JAVA or InfoSec specialist I'm not in a position to judge the criticality of the issues, anyone care to offer a view?

Does anyone know if the patch needs to be applied client side? It doesn't seem to be mentioned anywhere, which normally implies just server side, but it doesn't make sense to me that you can protect from a man-in-the-middle issue by only patching one side of the "pipe".

The biggest question I have is that if the issue is restricted to JAVA and OpenSSL then why aren't we just patching JAVA and OpenSSL on the relevant machines? Mixing this security patch up with a functional release causes a really big headache for clients in terms of the test cycle.

Cheers,
Technical Director
www.infocat.co.uk