Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-67193

Missing updates for openjdk-1.8.0

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • None
    • CentOS Stream 9
    • java-1.8.0-openjdk
    • None
    • None
    • None
    • rhel-sst-java
    • None
    • None
    • None
    • None
    • None
    • x86_64
    • None

      What were you trying to do that didn't work?

      We have some CentOS Stream 9 virtual machines at work that still need to run OpenJDK 1.8.0 due to the software that is run on them.

      The current version of the package is massively outdated and contains a lot of CVEs.

      Even CentOS 7 got a newer package before it went EOL and got upgraded to 402.

      Why is OpenJDK not updated for CS9 and still stuck on 362, which was released in January 2023? We are missing nearly two years of updates and security patches here.

      What is the impact of this issue to you?

      Angry emails from our security department because our automated scanning tools, find lots of vulnerabilities on our servers.

      Please provide the package NVR for which the bug is seen:

      java-1.8.0-openjdk-1.8.0.362.b09-4.el9

      How reproducible is this bug?:

      Reproducible on every CS9 machine.

      Steps to reproduce

      1. yum info java-1.8.0-openjdk
      2. Check "Version"

      Expected results

      A package with a more recent version.

      Actual results

      We get version 362 from January 2023.

              rhn-engineering-ahughes Andrew Hughes
              fbreidenstein Felix Breidenstein (Inactive)
              Andrew Hughes Andrew Hughes
              David Kutalek David Kutalek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: