I'm about to ask what I feel is a stupid question but...how are we supposed to get the most up-to-date releases of Java SE to use with Clarity? Per the release notes, Clarity (14.2) supports "Oracle Java SE JDK 1.7 update 67 (64-bit) or higher patch level" which is great. We've recently started running Nessus security vulnerability scans on our servers, and we have update 80 but several vulnerabilities have been found that require updating to update 91 or newer. Fine, all checks out with the supported version...except I can't find where to get it. So far as I can tell, update 80 is the final release that is publicly available ("Updates for Java SE 7 released after April 2015, and updates for Java SE 6 released after April 2013 are only available to Oracle Customers"), and anything newer seems to require enterprise oracle support. I created a free support account but when trying to access the newer Java it was asking for a support ID or something like that which I dont have.
I've opened a case with CA support and had to explain this three times to the support rep (who kept sending my links to the same update 80 that I already have) but that doesn't seem to be going anywhere. Does anyone else know how we are supposed to keep our java installations up to date and secure (as secure as Java ever could be anyway)? I'm really hoping someone has a link to the download page that I just haven't been able to find (the oracle/java website is not the best I've ever seen)
Hey Lino. Do you have an Oracle DBA or someone in your organization that you know has an account tied to an Oracle site license? You could ask them to fetch it for you.
I've already reached out and waiting on a response as this was the only avenue I could think of, but it is completely ridiculous to have to rely on support for a completely separate product to keep our CA products maintained
Oracle doesn't permit us to redistribute any java patch versions such as the non-public ones you mention. I received a specific reminder on this about a month ago personally.
If you were able to obtain the patch versions you mention, you are correct in that it would be included/covered in the range of versions we consider supported for use though.
So unfortunately as you quoted, unless you are an Oracle customer with those entitlements, then for that version of Clarity, you would not (in any normal way) be able to obtain a higher patch level than the public ones available - it has been controlled that way on purpose (because Oracle are not willing to 'maintain' Java 1.7 for free anymore, and those fixes would only freely be available in higher versions that are still publicly maintained).
Ultimately in order to keep up at this point, I think it is likely going to require upgrading Clarity itself so you can get to the versions where we've moved on from Java 1.7.x and are now going for Java 1.8.x and beyond.
I was afraid, but not at all surprised, that this was the answer. Expecting customers to always stay on the most recent version is a holy unrealistic expectation (as proven by the history on these boards) just to attempt to keep the product secure. As soon as you upgrade to get java 1.8, 1.9 will drop out of nowhere. I always thought being on the latest version I was able to download was secure, I didn't even know there were so many newer releases until it came up on the scan (i think I saw somewhere they were at 100 and something now).
Java 9 (link below)
JDK 9 Early Access Releases — Project Kenai
Historical versions (link below):
Oracle Java Archive | Oracle Technology Network | Oracle