I downloaded JDK17. Thank you. _________________________ Michael Ferrick MBA AVP – Application Reliability Operations | Market Data & Trader Support | GM | GA | GT | Corp (He, Him, He’s) 1 Iron Street Boston, Massachusetts, 02210 USA +1 (617) 664-5842 mds_infrastruct...@ssga.com statestreet.com / State Street on LinkedIn
The information contained in this email and any attachments have been classified as limited access and/or privileged State Street information/communication and is intended solely for the use of the named addressee(s). If you are not an intended recipient or a person responsible for delivery to an intended recipient, please notify the author and destroy this email. Any unauthorized copying, disclosure, retention or distribution of the material in this email is strictly forbidden. Go green. Consider the environment before printing this email. Information Classification: General -----Original Message----- From: Holger Klawitter <info....@klawitter.de> Sent: Wednesday, September 11, 2024 9:34 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Trying to Resolve a Java Version Vulnerability I'm Using for Tomcat [You don't often get email from info....@klawitter.de. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Hi Michael, you should be fine using a contemporary version of Java like JDK17 or JDK21. Ferrick, Michael wrote (at 2024-09-11 13:13 +0000): > Hello, > > The powers above have notified me that the Java version 9.0.1.0 (x64) that I am using with Apache Tomcat 9.0.84 has a vulnerability on my Windows servers (OS 2019) and MUST be remediated. That means use another Java version! > > I removed Java 9.0.1 (64-bit) and Java (tm) SE Development Kit 9.0 (64-bit) from the Control Panel (It notified me that it would stop Tomcat) and I installed jdk-8u421-windows-x64.exe in the default location of C:Program Files\Java, which was the same location as the original 9.0.1.0 version. > > Apache Software is located on E:\Program Files\Apache Software Foundation\Tomcat 9.0. > > I opened Services and attempted to Start Apache Tomcat and I got an error message. The only thing the message meant to me is that Tomcat failed to start. I'm not an SME (Subject Matter Expert) on JAVA or Tomcat however if the content is important to resolve let me know. > > I removed Java 8u421 from the Control Panel (Both the Jav SE Dev tool Kit and Java 8.421 (64-bit)). > > I re-installed jdk-9.0.1_windows-64_bin.exe and checked Control Panel to confirm both Java and the toolkit was also installed. > > I re-opened Services and was able to restart Apache Tomcat. > > I then downloaded Java 8u422-b05-windows-x64 and using the same procedures as above uninstalled Java 9.0.1 and installed java 8.422 and it failed to start Apache Tomcat, so I once again had to revert to the "vulnerable" Java 9.0.1. > > Can anyone tell me what non-vulnerable version of Java will work with Tomcat 9.0.84 or what I am missing to make the 8.xx versions I have work? I can't simply upgrade Apache Tomcat as there are just too many developers entrenched in this version. > > Thank you, > Mike > > _________________________ > The information contained in this email and any attachments have been classified as limited access and/or privileged State Street information/communication and is intended solely for the use of the named addressee(s). If you are not an intended recipient or a person responsible for delivery to an intended recipient, please notify the author and destroy this email. Any unauthorized copying, disclosure, retention or distribution of the material in this email is strictly forbidden. > Go green. Consider the environment before printing this email. > > > > Information Classification: General -- Mit freundlichem Gruß / With kind regards Holger Klawitter -- listen <at> klawitter <dot> de --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
