Announcing Java updates of Oct 2022 for for Java 8, 11, 17, and 19: resources and thoughts
TLDR: The new updates are 1.8.0_351, (aka 8u351), 11.0.17, 17.0.5, and 19.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes as each other (though not always).
Update: After posting this, I learned of some rather surprising implications of a new feature of the new JDK installer. For more, see a new section on this below.
Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so take that "critical" nomenclature for what it is. For more on each of them, including what changed and the several security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. And if you may be skipping to this from a JVM update from before Apr 2021, I share also a bit more info as well as for users of Adobe ColdFusion (including where to find the updated Java versions from Adobe, what JVM versions Adobe CF supports, and more).
For some folks, that's all they need to hear. For others, read on for topics like:
- Finding more info on these Oct 2022 Java updates
- News for my CF audience (getting the Java updates from Adobe or Oracle, how to update, why you should NOT for now use Java 17 with CF, etc)
- Should you apply the update? how soon?
- Beware a change in the Oct 22 JVM update regarding Java no longer trusting jars signed with SHA-1
- Beware a change in the April 2021 JVM update, if you may be skipping over it
- Wrapping up, getting more help
Let me know what you think, and if it works for you.
I ask all this because if you DO mean you got that "Failed Signature Verification" error message during the download of the CF update within the CF Admin, that was a problem in CF2018 that's not about Java at all, but rather about if you were on update 3 or earlier of CF2018. It was a problem caused by a server cert change at Adobe. What's tragic is that the last CF2018 installer Adobe ever offered only updated CF2018 to update 2: so ANYONE who might have a CF2018 installer and install it today will hit this problem.
And the update screens as well as the technotes (for CF2018 updates) tell you that before you can do any subsequent update (within the CF Admin) you must do update 4 first. (To be clear, if one does a manual download and install of a later update, then this step is not needed. It's only the download in the CF Admin which does this "signature verificaton".)
So frankly, my guess is that you tried to kill two birds with one stone: updating the java AND trying then to update CF, and hitting this problem due to the latter.
If things are as I suspect, then you should find that you can reset CF to using the new JVM, and subsequent updates for CF2018 should have no problem. I realize you may choose to "leave well enough alone", but ntoe that it IS in your interest--and Adobe recommends for security reasons-- that you be on both the latest CF update and the latest update to Java for the Java version that your CF supports: and for CF2021 and 2018 currently, that is Java 11 (only), and so 11.0.17 as of last week.