It may have passed some people by but the last two releases for 10.2 and 10.2.2 contain some patches for vulnerabilities in JAVA, as listed here here.
Not being a JAVA or InfoSec specialist I'm not in a position to judge the criticality of the issues, anyone care to offer a view?
Does anyone know if the patch needs to be applied client side? It doesn't seem to be mentioned anywhere which normally implies just server side but it doesn't make sense to me that you can protect from a man in the middle issue by only patching one side of the "pipe".
The biggest question I have is that if the issue is restricted to JAVA and Open SSL then why aren't we just patching JAVA and Open SSL on the relevant machines? Mixing this security patch up with a functional release causes a really big headache for clients in terms of the test cycle.
1 post • Page 1 of 1