Awesome! Thanks for the quick response

> On Jul 20, 2023, at 11:13 AM, Andy Seaborne <[email protected]> wrote:
>
> On 20/07/2023 17:18, Brandon Sara wrote:
>> I just came across CVE-2023-32200 and was wondering, is it different than 
>> CVE-2023-22665 and, if so, how is it different?
>
>
> Jena 4.8.0 addresses CVE-2023-22665 by requiring the Java system property 
> "jena:scripting" to enable scripting.
>
> Jena 4.9.0 addresses CVE-2023-32200 which happens if scripting is enabled 
> (4.8.0). The change goes further than only addressing the security issue by 
> requiring script functions to be in an "allowed" list; that is, there is an 
> API contract for callable scripts. Other functions in the script file are not 
> callable which should help development.
>
> Running Java17 means there is no scripting engine unless the deployment
> has added one. Java11 has a scripting engine in the JDK.
>
>    Andy
>
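
Added example, not part of the original thread or of Jena's own code: a small triage script that classifies a deployment by the version boundaries and the "jena:scripting" gate described in the reply above. The function names, status labels and inventory lines are hypothetical/constructed, and it assumes the enabling value is `true`, that a later `-D` overrides an earlier one, and (conservatively) that any Java below 17 ships a JDK script engine.

```sh
#!/bin/sh
# Added example: constructed inputs; function names and status labels are hypothetical.
# Helper variables are global (POSIX sh has no 'local'); call triage inside $(...).

# ver_lt A B: succeed when dotted version A is lower than B (-SNAPSHOT style suffix ignored).
ver_lt() {
  a=${1%%-*}; b=${2%%-*}
  for n in 1 2 3; do
    x=${a%%.*}; y=${b%%.*}
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
  done
  return 1
}

# scripting_flag "JVM ARGS": print true only if -Djena:scripting=true is in effect.
# Assumptions: "true" is the enabling value; a later -D overrides an earlier one.
scripting_flag() {
  val=false
  set -f                                  # no globbing while splitting the string
  for arg in $1; do
    case $arg in -Djena:scripting=*) val=${arg#*=} ;; esac
  done
  set +f
  if [ "$val" = true ]; then echo true; else echo false; fi
}

# jena_script_triage JENA_VERSION JAVA_MAJOR "JVM ARGS": print "<status> <engine>".
jena_script_triage() {
  engine=engine=jdk                       # assumption: Java below 17 has a JDK engine
  if [ "$2" -ge 17 ]; then engine=engine=added-only; fi   # per the thread, for Java 17
  if ver_lt "$1" 4.8.0; then
    status=pre-4.8.0                      # no jena:scripting gate (CVE-2023-22665 fix missing)
  elif [ "$(scripting_flag "$3")" != true ]; then
    status=gated-off                      # 4.8.0 or later, property not enabling scripting
  elif ver_lt "$1" 4.9.0; then
    status=enabled-no-allowlist           # 4.8.0 with scripting on (CVE-2023-32200)
  else
    status=enabled-allowlist              # 4.9.0+: only allow-listed functions callable
  fi
  echo "$status $engine"
}

# Constructed inventory: host|Jena version|Java major|JVM arguments
while IFS='|' read -r host ver java args; do
  printf '%-8s %s\n' "$host" "$(jena_script_triage "$ver" "$java" "$args")"
done <<'EOF'
fuseki-a|4.7.0|11|-Xmx2g
fuseki-b|4.8.0|11|-Xmx2g -Djena:scripting=true
fuseki-c|4.9.0|17|-Djena:scripting=true
EOF
```

A result of `engine=added-only` still calls for checking the classpath for a script engine the deployment has added.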
