Announcing Java updates of Jan 20, 2026 for 8, 11, 17, 21, and 25 - thoughts and resources

Posted At : January 20, 2026 12:55 PM | Posted By : Charlie Arehart
Related Categories: updates, java, security
Comments: (0)

It's that time again: there are new Oracle JVM updates released today (Jan 20, 2026) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, 21, and 25. (Yep, kind of crazy that there are for now 5 current Oracle Java "LTS" releases, for historical reasons.)

TLDR: The new updates are 1.8.0_481 (aka 8u481), 11.0.30, 17.0.18, 21.0.10, and 25.0.2, respectively. More on the updates below, including links to more info on each of them including what changed, bug fixes, and the security fixes each version contains. (I also offer a quick assessment of the changes listed for the updates.)

Also, openjdk updates are usually released at the same time or soon after, so this info may help users of such alternative JDK implementations.

For some folks, the above is all they need to hear. For others, whether this your first time updating Java or your fiftieth, there are some things that you may or may not know, as I cover here.

[....Continue Reading....]

Comments (0)

Announcing ColdFusion updates released Jan 13 2026 - p1 security update

Posted At : January 14, 2026 12:21 AM | Posted By : Charlie Arehart
Related Categories: updates, security, cf2025, cf2023
Comments: (4)

An update for ColdFusion has been released, Jan 13 2026, for each of cf2025 (as its update 6) and cf2023 (as its update 18). (This is the first update since CF2021 has reached its end of life as I blogged previously, so this is the first cf update NOT available for cf2021, which is something folks running that should beware.)

In brief, this update (for both versions) addresses a P1 (Priority 1, "Critical") security vulnerability, related to the Apache Tika java framework which Adobe embeds for certain processing with CF.

Before proceeding, it's of some concern to note that unlike recent CF security updates, Adobe does NOT report (in the APSB, linked to below) that they are, "not aware of any exploits in the wild for any of the issues addressed in these updates." That omission would seem to imply that they ARE aware of this vuln being exploited, which raises the urgency of getting it applied. (It also raises the concern all the more for those on CF2021 or earlier, for whom Adobe will no longer offers ANY updates, including security updates.)

In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.

For more, read on.

[....Continue Reading....]

Comments (4)

Home

View all posts

Enter your email address to subscribe to this blog.

Recent Comments

Announcing ColdFusion updates released Jan 13 2026 - p1 security update
Charlie Arehart said: Bruce, yes. While it's true that starting a few updates ago, Adobe changed it so that they DID ... [more]

One explanation and solution for when applying CF updates uninstalls new packages unexpectedly
Matt B. said: Roberto A., as a fellow manual updater there is definitely an issue when doing manual updates. I ... [more]

Announcing ColdFusion updates released Jan 13 2026 - p1 security update
Bruce Longee said: I happened to have /cfusion/bin open when I was running the install, and it looks like the ... [more]

Announcing ColdFusion updates released Jan 13 2026 - p1 security update
Charlie Arehart said: Thanks, German. I've reported to them that there are quirky problems with that portal/blog ... [more]

Announcing ColdFusion updates released Jan 13 2026 - p1 security update
German said: I managed to find the link to the Adobe Blog post about this update via cfblogs.org. Not sure why it ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Entries by year

2026

January (2)

2025 (19)
2024 (28)
2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter/X, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (109) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
boxlang (1) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (61) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (60) [RSS]
cf2021 (68) [RSS]
cf2023 (48) [RSS]
cf2025 (13) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (6) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (4) [RSS]
community (30) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (14) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (63) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (50) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (21) [RSS]
migrating (2) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (15) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (34) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (34) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (76) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (74) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Sep 2025

CFCamp
May 2025

Into The Box
May 2025

Adobe CF Summit East
Mar 2025

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by