> On Sep 11, 2024, at 08:13, Ferrick, Michael > <michael_ferr...@ssga.com.INVALID> wrote: > > The powers above have notified me that the Java version 9.0.1.0 (x64) that I > am using with Apache Tomcat 9.0.84 has a vulnerability on my Windows servers > (OS 2019) and MUST be remediated. That means use another Java version! > > I removed Java 9.0.1 (64-bit) and Java (tm) SE Development Kit 9.0 (64-bit) > from the Control Panel (It notified me that it would stop Tomcat) and I > installed jdk-8u421-windows-x64.exe in the default location of C:Program > Files\Java, which was the same location as the original 9.0.1.0 version. > > Apache Software is located on E:\Program Files\Apache Software > Foundation\Tomcat 9.0. > > I opened Services and attempted to Start Apache Tomcat and I got an error > message. The only thing the message meant to me is that Tomcat failed to > start. I'm not an SME (Subject Matter Expert) on JAVA or Tomcat however if > the content is important to resolve let me know. > > I removed Java 8u421 from the Control Panel (Both the Jav SE Dev tool Kit and > Java 8.421 (64-bit)). > > I re-installed jdk-9.0.1_windows-64_bin.exe and checked Control Panel to > confirm both Java and the toolkit was also installed. > > I re-opened Services and was able to restart Apache Tomcat. > > I then downloaded Java 8u422-b05-windows-x64 and using the same procedures as > above uninstalled Java 9.0.1 and installed java 8.422 and it failed to start > Apache Tomcat, so I once again had to revert to the "vulnerable" Java 9.0.1. > > Can anyone tell me what non-vulnerable version of Java will work with Tomcat > 9.0.84 or what I am missing to make the 8.xx versions I have work? I can't > simply upgrade Apache Tomcat as there are just too many developers entrenched > in this version.
Going back to Java 8 sounds like a really bad idea at this stage, but if you must, then try clearing out Tomcat’s temp and work directories first. There may be class files in there compiled with Java 9 that will not be usable on prior versions of the JVM. As others have stated, moving to a more recent supported JVM would be better, such as OpenJDK 21, which is an LTS version. - Chuck --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
