Generally it is best to keep your Java runtime up-to-date. Whether any security risks are mitigated by upgrading depends on the application, of course. A "Hello World!" application is likely not to be affected, as it has no security requirements, no attack vectors and doesn't use many runtime components anyway (attack surface). However, a web application commonly runs on an application server, which will likely use Java for its TLS implementation. That means that it is likely that your TLS implementation has not received an upgrade in years. Although Java has some advantages compared to C in thwarting some attacks, other vulnerabilities will certainly be present. For instance, Heartbleed is extremely unlikely to be an issue because it depends on buffer overruns, and Java has internal protection against those. PKCS#1 v1.5 padding oracles are likely to apply because it depends on the actual implementation.

As the Java executable itself is not particularly riddled with easy-to-exploit bugs, it mainly depends on what functionality is used from the runtime classes of your server, libraries and application (in that order, the server is much more likely to have a large footprint). Upgrade your Java version and your server + libraries. Some utility libraries may have less priority depending on their functionality, but stay vigilant. You don't want to have a vulnerability if e.g. Apache Commons Codec has sprung an issue.

Even more important: create an update and upgrade strategy for your system and adhere to it. The amount of testing depends on whether you have to update or upgrade your system; if well implemented, you could go for automated testing for updates and do a full round of testing for upgrades. Hopefully the libraries use semantic versioning so upgrades can be distinguished from updates. Whether running it on newer versions will lead to runtime errors depends on the application; it won't if it was built with Java portability in mind, in all likelihood. It is however possible to abuse the Java language to such a degree that it will fail. For instance, I've seen an application crash from one runtime to another that incorrectly implemented equals while that element was kept in a list.

For such an old application I think it is time you did a full round of testing and possibly a code review to assess if compatibility issues are a topic or not. I've had Java 1.2 apps run without a hitch, but as stated, it depends on how the application was programmed.