> A question about what is considered the appropriate version of Java for use > with CF 9. > > As I understand it _24 is the last version officially suggested by Adobe. > But that is susceptible to this exploit: > http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html > > So, have people had success with more recent versions? Or has Adobe > suggested any more recent versions specifically?
Generally, you can use the latest point release for a supported major version. Adobe can't possibly test them all as they come out, so they're always behind. That said, a lot of the vulnerabilities listed in that document (maybe all - I didn't read it that thoroughly) are not things you generally have to worry about on a web server. Most of the items involve Java Web Start or running Java applets. Servlets/JSP and those sorts of things tend to have far fewer vulnerabilities. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351942 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
