On Thu, Mar 26, 2015 at 5:39 AM, James Nord <[email protected]> wrote: >> switching the baseline to Java 8 means that someone whose corporate IT >> supports installation of only Java 7 will not receive even security >> fixes in about three months. > > But they will have a JDK that won't get security fixes in less time than this
A valid point, though I am guessing that the great majority of Java security fixes are not dealing with vulnerabilities that would actually affect Jenkins (as opposed to JavaWebStart, other server apps, etc.). IOW, using a fully patched Jenkins is far more important than using the latest Java update. I have not managed to find a single, clear list of recent Java security fixes, so it is hard to tell for sure. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr07ge5VxqRN2QZBrC4gOeY_3za1z89n5wD1LYRwDGdCWQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
