2022-04-29 ECDSA signature vulnerability on Java
On 29 April 2022, a vulnerability was reported in the Oracle Java SE and Oracle GraalVM Enterprise Edition products, affecting Java versions 17.0.2 and 18.
- Java 17.0.2 and Java 18 (Java 15 and 16 are impacted too, but note that they are deprecated).
- Applications using ECDSA signatures.
How To Patch it
- A new version was released in the upstream project (17.0.3). Here you can find the risk matrix and the vulnerabilities fixed in this version.
[2022-05-03] The Bitnami team has been actively working on the release of this new version:
- Currently, the Java containers in the Bitnami Application Catalog and VMware Tanzu Application Catalog are using this version.
- Java is used as a dependency in Elasticsearch; the ES container, Helm chart, Virtual Machine, MultiTier solution and launchpads were also updated.
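
A quick way to check a runtime against the versions listed above, as an added example that is not part of the original advisory. The function names are hypothetical and the sample `java -version` lines are constructed; it assumes any 17 release below 17.0.3 needs the upgrade, and it reports 18 updates as not listed because the advisory names no fixed 18 release.

```shell
#!/bin/sh
# Added example: classify a Java version against the versions this advisory lists.

# Extract the quoted version from the first line of `java -version` output.
extract_version() {
    printf '%s\n' "$1" | sed -n '1s/.*version "\([^"]*\)".*/\1/p'
}

# Print AFFECTED, PATCHED or NOT_LISTED for a version string such as 17.0.2.
classify_java_version() {
    v=${1%%[-+_]*}              # drop suffixes such as -ea, +8 or _332
    old_ifs=$IFS; IFS=.
    set -- $v                   # split on dots into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case $major in
        15|16) echo AFFECTED ;;     # deprecated lines, no fix named in the advisory
        17) # Assumption: every 17 release below 17.0.3 needs the upgrade.
            if [ "$minor" -eq 0 ] && [ "$patch" -lt 3 ]; then echo AFFECTED
            else echo PATCHED; fi ;;
        18) # Only the initial 18 release is listed; later updates are not covered.
            if [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ]; then echo AFFECTED
            else echo NOT_LISTED; fi ;;
        *)  echo NOT_LISTED ;;
    esac
}

# Constructed sample lines in the shape of `java -version` output.
for line in 'openjdk version "17.0.2"' \
            'openjdk version "17.0.3"' \
            'openjdk version "18"' \
            'openjdk version "11.0.15"'; do
    ver=$(extract_version "$line")
    printf '%-10s %s\n' "$ver" "$(classify_java_version "$ver")"
done
```

To check a live runtime or container image, pass the first line of `java -version 2>&1` to `extract_version` in place of the sample lines.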
Do you have more questions? You can open an issue in this GitHub repository. Our support team will be happy to help you there.