We recently had a security audit for one of our applications, and part of it was an automated scan of all systems that made up the application. It flagged the Java 14 directory used by Fusionauth 1.25 as a security issue, as an unsupported Java version. Given that Java 14 support ended in September, 2020, this sounded about right.
We tried to work this around by running Fusionauth with different Java versions (8/11/16 etc). Then it turned out that recent Fusionauth binaries are compiled with Java 14 "preview" features at compile time, and can only be run with the --enable-preview
option with JRE 14.
This is the relevant Github issue, where Java was updated from version 8 to 14: https://github.com/FusionAuth/fusionauth-issues/issues/481
Is there a possible workaround here? Can someone from the FusionAuth team tell us if there are plans to upgrade Java to a supported version? It would be very helpful.
Thanks in advance!