Hi Michael, you should be fine using a contemporary version of Java like JDK17 or JDK21.
Ferrick, Michael wrote (at 2024-09-11 13:13 +0000): > Hello, > > The powers above have notified me that the Java version 9.0.1.0 (x64) that I > am using with Apache Tomcat 9.0.84 has a vulnerability on my Windows servers > (OS 2019) and MUST be remediated. That means use another Java version! > > I removed Java 9.0.1 (64-bit) and Java (tm) SE Development Kit 9.0 (64-bit) > from the Control Panel (It notified me that it would stop Tomcat) and I > installed jdk-8u421-windows-x64.exe in the default location of C:Program > Files\Java, which was the same location as the original 9.0.1.0 version. > > Apache Software is located on E:\Program Files\Apache Software > Foundation\Tomcat 9.0. > > I opened Services and attempted to Start Apache Tomcat and I got an error > message. The only thing the message meant to me is that Tomcat failed to > start. I'm not an SME (Subject Matter Expert) on JAVA or Tomcat however if > the content is important to resolve let me know. > > I removed Java 8u421 from the Control Panel (Both the Jav SE Dev tool Kit and > Java 8.421 (64-bit)). > > I re-installed jdk-9.0.1_windows-64_bin.exe and checked Control Panel to > confirm both Java and the toolkit was also installed. > > I re-opened Services and was able to restart Apache Tomcat. > > I then downloaded Java 8u422-b05-windows-x64 and using the same procedures as > above uninstalled Java 9.0.1 and installed java 8.422 and it failed to start > Apache Tomcat, so I once again had to revert to the "vulnerable" Java 9.0.1. > > Can anyone tell me what non-vulnerable version of Java will work with Tomcat > 9.0.84 or what I am missing to make the 8.xx versions I have work? I can't > simply upgrade Apache Tomcat as there are just too many developers entrenched > in this version. > > Thank you, > Mike > > _________________________ > The information contained in this email and any attachments have been > classified as limited access and/or privileged State Street > information/communication and is intended solely for the use of the named > addressee(s). If you are not an intended recipient or a person responsible > for delivery to an intended recipient, please notify the author and destroy > this email. Any unauthorized copying, disclosure, retention or distribution > of the material in this email is strictly forbidden. > Go green. Consider the environment before printing this email. > > > > Information Classification: General -- Mit freundlichem Gruß / With kind regards Holger Klawitter -- listen <at> klawitter <dot> de --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
