Results 1 to 3 of 3

Thread: Tools release upgrade for patching Oracle vulnerabilties

  1. #1
    Member
    Join Date
    Jan 2002
    Location
    Netherlands
    Posts
    52

    Tools release upgrade for patching Oracle vulnerabilties

    Dear All,

    in January Oracle released another patching document.
    https://www.oracle.com/security-aler...ml#AppendixJDE

    As you can see, JD Edwards 9.2 is affected. After searching you can find out that the only method of fixing this is to install the leatest Tools release 9.2.4.1(2)

    I created a SR and requested a POC from Oracle to create a patch fix for our current TR. Oracle answer: we will not do this as this method of installing the latest TR is standard for years already.

    Some questions:

    Are you aware that a TR is the only way of patching these security issues?
    Are you updating to the last TR 4 times a year when Oracle published the patching document? If not what is the strategy used to minimise these risks?

    If you are surprised as well then I hope we can combine our strenghts to ask Oracle to create patches for existing tools releases.

    Regards,

    Ron

  2. #2
    Sorry to burst your bubble, but that's not gonna happen. They never did and they never will (probably). You might have a chance if you ask for one specific fix from that vulnerability list but not the whole thing.
    EnterpriseOne 8.12 to 9.2
    AIX, Linux, Windows, IBM i
    Oracle DB, MSSQL, DB2
    WAS, WLS

  3. #3
    Member
    Join Date
    Jun 2001
    Location
    Colorful Colorado
    Posts
    479
    From the link you posted, under the component column, it looks like the issues were actually in the version of Jackson and jQuery third party libraries -- so they probably had to update to newer versions of those libraries with the patches, which probably involves rebuilding the entire JAS client.

    In other words, a fix would look a lot like an entire update to all of JAS, except that version wouldn't have been put through JDE's QE process.
    --john

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
The legal restrictions and terms of use applicable to this site are available here.
Use of this site signifies your agreement to the terms of use.
JDELIST is NOT affiliated with JD Edwards® & Company, Oracle or Peoplesoft. Contents of this site are neither endorsed nor approved by JD Edwards® & Company and, or Oracle.