Oracle pushed out a security update yesterday to fix a vulnerability that allowed attackers to forge certain types of SSL certificates and handshakes, two-factor authentication information, and authorization credentials generated by a range of widely used open standards. The flaw also allows an attacker to easily digitally sign files and other data. It affects the implementation of ECDSA (Elliptic Curve Digital Signature Algorithm) in Java 15 and above. ECDSA is an algorithm that uses elliptic curve cryptography to digitally authenticate messages.
According to a report in The Register and feedback from major enterprises, Oracle has recently begun to include Java in its software licensing review. The move is an effort to push companies to pay, a tactic Oracle routinely employs to boost payment rates. Oracle introduced two licensing models for Java SE. In April 2019, Oracle began charging a license fee for Java that was previously free, requiring users to pay for a subscription to a commercial Java SE product in order to receive patches and updates.