Forum Discussion

bc1410's avatar
bc1410
Level 6
8 years ago

Upgradeing JAVA for Clearwell 8.1.1 R1

So we are always get tagged for a Critical Vulnerabilities for JAVA on our Clearwell Boxes from our Info Security team that we are using an older version.   Does anybody see any effects of upgrading the JAVA VERSION from what is installed on the v8.1.1 R1 clearwell version to JAVA SE Developement Kit 8 update 92 OR 102?  Please advise. 

 

Thanks

  • Howdy bc1410,

    I would echo the advice that Daly mentions. He's correct in the steps that support will take if issues are found as a result of updating Java.

    However, as of eDisocvery Platofrm 8.1.1 CHF2 + and 8.2, we removed the Java version check from the installer which means that we no longer validate the update pack, e.g. U45, versus the major, e.g. Java 8, version of the JDK during an eDisocvery Platform upgrade is being performed. With that said, it's very important to understand that if you upgrade the Java update pack, you must be running eDiscovery Platform 8.1.1 CHF2 + or 8.2 in order to perform any future eDisocvery platform upgrades.

    This check was removed, at least for Java, in repsonse to the very screnario that you post in your post concerning eDisocvery Platform 3rd Party software showing up as security vunerabilities. In my experince with this, this has become a big concern mostly for Fed agencies, but i's becoming more of a concern for other customers of late. The version check was only removed for Java. I don't know if there will be any changes for any other eDiscovery Platform 3rd party software in the future except for what's installed by default in future releases.

    In my capacity as an eDiscovery Platform Business Critical Engineer (BCE), I have a helped several of our Business Critical customers through successful Java update pack upgrades and have validated it many times in my labs, all without issue. However, this was because we followed specific guidelines for how to perform a Java update pack upgrade for eDiscovery Platform. These guidelines must be followed or it could leave eDiscovery Platform in an inoperable state. I'm not entrely sure what policy support has around assisting this type of upgrade, but you may want to open a support case to at least find out.

     

  • Howdy bc1410,

    I would echo the advice that Daly mentions. He's correct in the steps that support will take if issues are found as a result of updating Java.

    However, as of eDisocvery Platofrm 8.1.1 CHF2 + and 8.2, we removed the Java version check from the installer which means that we no longer validate the update pack, e.g. U45, versus the major, e.g. Java 8, version of the JDK during an eDisocvery Platform upgrade is being performed. With that said, it's very important to understand that if you upgrade the Java update pack, you must be running eDiscovery Platform 8.1.1 CHF2 + or 8.2 in order to perform any future eDisocvery platform upgrades.

    This check was removed, at least for Java, in repsonse to the very screnario that you post in your post concerning eDisocvery Platform 3rd Party software showing up as security vunerabilities. In my experince with this, this has become a big concern mostly for Fed agencies, but i's becoming more of a concern for other customers of late. The version check was only removed for Java. I don't know if there will be any changes for any other eDiscovery Platform 3rd party software in the future except for what's installed by default in future releases.

    In my capacity as an eDiscovery Platform Business Critical Engineer (BCE), I have a helped several of our Business Critical customers through successful Java update pack upgrades and have validated it many times in my labs, all without issue. However, this was because we followed specific guidelines for how to perform a Java update pack upgrade for eDiscovery Platform. These guidelines must be followed or it could leave eDiscovery Platform in an inoperable state. I'm not entrely sure what policy support has around assisting this type of upgrade, but you may want to open a support case to at least find out.

     

    • Daly's avatar
      Daly
      Level 5

      Hello bc1410,

      JimmyClearwell is correct on this, please raise a ticket with technical support if you do plan to do this as the process itself is not as simple as just just updating the minor version & has some config changes needed.

       

  • Hello bc1410,

    We don't advise updating Java, it can cause some strange behavior and it's not been tested with the product version being ran. If any issues are hit, support can only advise to revert back to the previous version of Java that the product is bundled with.

    For reference see: https://www.veritas.com/support/en_US/article.000024528