Security updates

You can download and install security updates for some components of RICOH ProcessDirector without installing the entire product.

Security updates for these components are released monthly, if available:

  • IBM DB2
  • PostgreSQL
  • Tomcat
  • Java

Additional security updates are often included in the RICOH ProcessDirector Product Update or Patches package. On occasion, other features or components are updated as well.

See Downloading and installing security updates for additional information.

Note: Starting with version 3.14, RICOH ProcessDirector was updated to use Java 21. As a result, many component versions differ based on the version of RICOH ProcessDirector you have installed. When downloading security updates, verify which version applies to your installation.

Security Update History

Release Date Updates included
June 2026
ProductUpdate
Available for version 3.14 and later on both Linux and Windows. This Product Update includes:
  • Support for TLS v1.3. To use the new version, open Administration Security and choose TLS v1.3.
  • OpenJDK 17.0.19+10. Includes resolutions for: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, and CVE-2026-34282.
RicohPDFPrinter
Available for version 3.13.3 and earlier on both Linux and Windows. This update package includes a log4j update with resolutions for: CVE-2025-68161, CVE-2026-34478, and CVE-2026-34480.
Tomcat
Available for both Linux and Windows.
Version 3.13.3 and earlier
Tomcat 9.0.118. Includes resolutions for: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512, CVE-2026-43513, CVE-2026-43514, and CVE-2026-43515.
Version 3.14 and later
Tomcat 11.0.22. Includes resolutions for: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512, CVE-2026-43513, CVE-2026-43514, and CVE-2026-43515.
Java
Available for both Linux and Windows.
Version 3.13.3 and earlier
OpenJDK 8u492-b09. Includes resolutions for: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, and CVE-2026-34268.
Version 3.14 and later
OpenJDK 21.0.11+10. Includes resolutions for: CVE-2025-53066, CVE-2025-53057, CVE-2025-61748, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2025-64720, CVE-2025-65018, CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, and CVE-2026-34282.
April 2026
IBM DB2 11.5.9 Special Build 75854
IBM DB2 Security release.
March 2026
OpenJDK 8u482b08 (Java)
Available for both Linux and Windows. Includes resolutions for: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21925.
Tomcat 9.0.115
Available for both Linux and Windows. Includes resolution for CVE-2026-24734.
Note: RICOH ProcessDirector includes log4j in its installation package. However, the use of log4j in RICOH ProcessDirector is not impacted by CVE-2025-68161. The updated log4j package will be included in the next scheduled product release.
February 2026
IBM DB2 11.5.9 Special Build 66394
Includes resolutions for: CVE-2025-36425, CVE-2025-13867, CVE-2025-8916, CVE-2025-36424, CVE-2025-36442, CVE-2025-36427, and CVE-2025-36428.
PostgreSQL 18.2
Includes resolutions for: CVE-2026-2007, CVE-2026-2006, CVE-2026-2005, CVE-2026-2004, and CVE-2026-2003.

January 2026
Product Update
Available for both Linux and Windows. No CVE resolutions, but fixes for other minor issues.
Patches
Includes an updated file to prevent removal of SSL settings after installing or upgrading features. For installation instructions, see: Installing the January 2026 patch package

December 2025
IBM DB2 11.5.9 Special Build 69673
Available for both Linux and Windows. No CVE resolutions included.
OpenJDK 8u472b08 (Java)
Available for both Linux and Windows. Includes resolutions for CVE-2025-53066 and CVE-2025-53057.
PostgreSQL 18.1
Includes resolutions for CVE-2025-12818 and CVE-2025-12817, available in version 18.1.
Tomcat 9.0.112
Includes resolution for CVE-2025-61795, available in version 9.1.110 and above.
Product Update
Includes resolution for CVE-2025-48976.

In this section:

  1. Installing the January 2026 patch package
    This patch fixes an issue that affects SSL settings after you install or upgrade a feature.
Parent topic: RICOH ProcessDirector for Linux