Bundled JRE version vulnerabilities

The JRE version included in the bundled package is 1.8.0_202, which has a number of flaws.

I understand that there are additional licensing issues with Java, and that a different Java runtime may be preferable.

This is why starting with 4.7.0 JRE will not be bundled anymore.

1 Like

More context on the reason why we stop bundling JRE’s with Openfire is provided in https://discourse.igniterealtime.org/t/removal-of-openfire-artifacts-with-bundled-jres/

Thank you. I installed openjdk version “1.8.0_312” and removed the bundled version. It’s still in the current rpm packages being supplied. I tried v11, but the noarch rpm package didn’t recognize the version. I thought v11 was supported, but it runs great with v8.