Java | ColdFusion | Railo security update

by kai on 05/02/2013



This is just a quick free-of-charge public service announcement that Oracle has released Java 6 Update 39.

Why is this important for users of ColdFusion or Railo? A lot of people are running their Railo and ColdFusion servers on Java 6. Update 39 is a so called “update to the JRE Security Baseline of Java 6” and you want to be on Update 39 to make sure you are protected by the latest security patches for Java 6 by Oracle.

Not every minor release of Java is relevant for the security baseline of a major version. Just recently Oracle released Update 38 and the JRE Security Baseline of Java 6 was left at Update 37.

This shows that it’s very important to monitor what’s happening to your underlying runtime environment, it’s your responsibility and you shouldn’t rely on someone like Adobe or the Railo community telling you what to do.

Update: As I was asked about this outside of the blog – there’s not yet much experience out there in regards to if and how either ColdFusion or Railo would behave with Java 6 Update 39. From what I can see, I don’t expect any issues but unfortunately the devil can be in the details. My recommendation would obviously be to test using this JVM with either server on a development or staging machine before you blindly put it onto a production server.

Comments on this entry are closed.

{ 1 trackback }

Previous post:

Next post: