general

Security Notices

2022-04-29 ECDSA signature vulnerability on Java

On 29 April 2022, a Java vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE on Java versions 17.0.2 and 18.

Affected Platforms

  • Java 17.0.2 and Java 18 (Java 15 and 16 are impacted too but note that are deprecated).
  • Applications using ECDSA signatures.

How To Patch it

  • A new version was released in the upstream project (17.0.3). Here you can find the risk matrix and the vulnerabilities fixed in this version.

BITNAMI UPDATES:

[2022-05-03] Bitnami team has been actively working on the release of this new version:

Do you have more questions? You can open an issue in this github repository. Our support team will be happy to help you there.

Last modification October 23, 2023