Hi all, Suspecting that someone here knows the answer immediately, I thought I'd ask.
If you do not know the answer, please don't spend any time investigating: I'll do that later today and update everyone whether or not I find an answer. Our security team advise that "Certain versions of the Java Development Kit remove the LDAP attack vector". My question is: Does this removal occur during compile time or runtime? i.e.: Do we need to build the .war file with a JDK which removes the LDAP attack vector, or is it sufficient to deploy the Tomcat with a JDK which does this? Thank you, Tim -- Tim Scott OCLC * Senior Software Engineer / Technical Product Manager CityGate, 8 St. Mary's Gate, Sheffield S1 4LW, UK cc: Product Management file OCLC COVID-19 resources: oc.lc/covid19-service-info<https://oc.lc/covid19-service-info> [COVID-19: We're in this together]<https://www.oclc.org/en/covid-19.html?utm_campaign=covid-19-support&utm_medium=email&utm_source=libraryservices&utm_content=signature-banner-covid-19-information-resources>
