Security testing of Supported JVM

Question

Oracle/Sun has released a Critical Patch Update March 25, 2010, see http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html. When will Adobe test these JVM and issue a Security Advisory with verification these updates work with supported versions of ColdFusion: 7/8/9? According to http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html all three products are supported: 7 = 2/7/2012, 8 = 7/31/2014, 9 = 12/31/2016.

This thread indicates that any Java security updates should be supported: http://forums.adobe.com/message/15465 and this link http://kb2.adobe.com/cps/547/2d547983.html lists the JVM that were shipped by Adobe with their products.

Anonymous · Answer

Macromedia & Adobe both lag behind in version numbers because of the complexity of testing everything against them. As you saw though my post at the bottom they had stated to me (Macromedia at the time) that they would support you running any version of Java in line with what you start with if it's for security purposes. Java (now Oracle) is always coming out with new versions for security reasons, so it's hard to expect them to keep internally testing and updating each version.

It is up to you as the administrator to test, validate, and implement the newer version of Java on your CF server. If there are issues they will support you, but that does not mean they will upgrade the internal Java.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded