To keep you informed about any suspected or confirmed security issues, SAS publishes security bulletins as part of our formal Product Security Incident Response Team (PSIRT) process.
SAS delivers security fixes as part of the hot-fix process. Please note that hot fixes for each product component are cumulative and might include functionality fixes in addition to security fixes. Security Statements describe the hot fixes that are needed to address specific vulnerabilities, and other hot fixes might contain security fixes that are recommended for other issues or products.
- For a list of hot fixes that are available for your products, use the the SAS Hot Fix Analysis, Download & Deployment (SASHFADD) tool.
- See the Hot Fix FAQ for a general overview of hot fixes.
Java 7 Updates
SAS continues to use and support a Java 7 JRE for SAS 9.4 deployments. See SAS Third-Party Software Requirements – Java 7 Updates for details. The most recent update to the SAS Private JRE is available from the Downloads application.
SAS Note 56203 documents the following Java 7 updates:
- Java 7 update 1.7_161 (November 2017)
- Java 7 update 1.7.0_151 (July 2017)
- Java 7 update 1.7.0_141 (April 2017)
- Java 7 update 1.7.0_131 (January 2017)
- Java 7 update 1.7.0_121 (October 2016)
- Java 7 update 1.7.0_111 (July 2016)
- Java 7 update 1.7.0_101 (April 2016)
- Java 7 update 1.7.0_91 (October 2015)
- Java 7 update 1.7.0_85 (July 2015)
Contact the Product Security Incident Response Team
Customers who have SAS support contracts should report a suspected security issue by opening a track with SAS Technical Support. Security researchers or others who do not have a support contract can contact PSIRT directly by sending email to email@example.com. Information about security vulnerabilities should be encrypted by using our public Pretty Good Privacy (PGP) key.