Upgradeing JAVA for Clearwell 8.1.1 R1
So we are always get tagged for a Critical Vulnerabilities for JAVA on our Clearwell Boxes from our Info Security team that we are using an older version. Does anybody see any effects of upgrading the JAVA VERSION from what is installed on the v8.1.1 R1 clearwell version to JAVA SE Developement Kit 8 update 92 OR 102? Please advise.
Thanks
Howdy bc1410,
I would echo the advice that Daly mentions. He's correct in the steps that support will take if issues are found as a result of updating Java.
However, as of eDisocvery Platofrm 8.1.1 CHF2 + and 8.2, we removed the Java version check from the installer which means that we no longer validate the update pack, e.g. U45, versus the major, e.g. Java 8, version of the JDK during an eDisocvery Platform upgrade is being performed. With that said, it's very important to understand that if you upgrade the Java update pack, you must be running eDiscovery Platform 8.1.1 CHF2 + or 8.2 in order to perform any future eDisocvery platform upgrades.
This check was removed, at least for Java, in repsonse to the very screnario that you post in your post concerning eDisocvery Platform 3rd Party software showing up as security vunerabilities. In my experince with this, this has become a big concern mostly for Fed agencies, but i's becoming more of a concern for other customers of late. The version check was only removed for Java. I don't know if there will be any changes for any other eDiscovery Platform 3rd party software in the future except for what's installed by default in future releases.
In my capacity as an eDiscovery Platform Business Critical Engineer (BCE), I have a helped several of our Business Critical customers through successful Java update pack upgrades and have validated it many times in my labs, all without issue. However, this was because we followed specific guidelines for how to perform a Java update pack upgrade for eDiscovery Platform. These guidelines must be followed or it could leave eDiscovery Platform in an inoperable state. I'm not entrely sure what policy support has around assisting this type of upgrade, but you may want to open a support case to at least find out.