The change is about dropping support for algorithms that are no longer
considered secure so I don't think there is any CVE attached to this.
> In addition, this issue is marked as an "enhancement".
Probably not the best name but they only have a limited set of bug types
in their bugtracker.
> The change is about dropping support for algorithms that are no longer
> considered secure so I don't think there is any CVE attached to this.
We were affected by the regression as well but I think in the long run,
this is a relatively small price to pay to not have to carry outdated
crypto. I find the security team to be very good and conservative with
backporting security fixes but most importantly when mistakes happen,
they get fixed pretty quickly.
On 2017-05-18 07:54 PM, Graham Leggett wrote: /bugs.openjdk. java.net/ browse/ JDK-8148516, I'm not
> Looking at https:/
> seeing a CVE number attached.
The change is about dropping support for algorithms that are no longer
considered secure so I don't think there is any CVE attached to this.
> In addition, this issue is marked as an "enhancement".
Probably not the best name but they only have a limited set of bug types
in their bugtracker.
> The change is about dropping support for algorithms that are no longer
> considered secure so I don't think there is any CVE attached to this.
We were affected by the regression as well but I think in the long run,
this is a relatively small price to pay to not have to carry outdated
crypto. I find the security team to be very good and conservative with
backporting security fixes but most importantly when mistakes happen,
they get fixed pretty quickly.