If you want to remain on Java 7 then ensure you are using at least 7.26
or later.
Moving to TomEE 1.7.x onto Java 8 should not be performed without
extensive testing of production system, but it should be OK.
You could also just upgrade to TomEE 1.7.4 - You may need to adjust the
'tomee.serialization.class.whitelist' System property - See here:
http://tomee.apache.org/ejbd-transport.html
Andy.
On 06/09/17 23:37, Jason Core wrote:
> To remedy CVE-2013-4444, can users just upgrade their version of Oracle Java
> to 8 and not have to upgrade their version of TomEE.
>
> We are currently on Apache TomEE 1.7.0
>
> In post below it looks as if we can do either – upgrade TomEE version or
> upgrade Java version.
>
> https://threatpost.com/apache-warns-of-tomcat-remote-code-execution-vulnerability/108192/
>
>
>
>
> --
> Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
|