10-21-2016 06:11 AM
So we are always get tagged for a Critical Vulnerabilities for JAVA on our Clearwell Boxes from our Info Security team that we are using an older version. Does anybody see any effects of upgrading the JAVA VERSION from what is installed on the v8.1.1 R1 clearwell version to JAVA SE Developement Kit 8 update 92 OR 102? Please advise.
Thanks
Solved! Go to Solution.
10-31-2016 06:48 AM
Howdy @bc1410,
I would echo the advice that @Daly mentions. He's correct in the steps that support will take if issues are found as a result of updating Java.
However, as of eDisocvery Platofrm 8.1.1 CHF2 + and 8.2, we removed the Java version check from the installer which means that we no longer validate the update pack, e.g. U45, versus the major, e.g. Java 8, version of the JDK during an eDisocvery Platform upgrade is being performed. With that said, it's very important to understand that if you upgrade the Java update pack, you must be running eDiscovery Platform 8.1.1 CHF2 + or 8.2 in order to perform any future eDisocvery platform upgrades.
This check was removed, at least for Java, in repsonse to the very screnario that you post in your post concerning eDisocvery Platform 3rd Party software showing up as security vunerabilities. In my experince with this, this has become a big concern mostly for Fed agencies, but i's becoming more of a concern for other customers of late. The version check was only removed for Java. I don't know if there will be any changes for any other eDiscovery Platform 3rd party software in the future except for what's installed by default in future releases.
In my capacity as an eDiscovery Platform Business Critical Engineer (BCE), I have a helped several of our Business Critical customers through successful Java update pack upgrades and have validated it many times in my labs, all without issue. However, this was because we followed specific guidelines for how to perform a Java update pack upgrade for eDiscovery Platform. These guidelines must be followed or it could leave eDiscovery Platform in an inoperable state. I'm not entrely sure what policy support has around assisting this type of upgrade, but you may want to open a support case to at least find out.
10-31-2016 03:06 AM
Hello bc1410,
We don't advise updating Java, it can cause some strange behavior and it's not been tested with the product version being ran. If any issues are hit, support can only advise to revert back to the previous version of Java that the product is bundled with.
For reference see: https://www.veritas.com/support/en_US/article.000024528
10-31-2016 06:48 AM
Howdy @bc1410,
I would echo the advice that @Daly mentions. He's correct in the steps that support will take if issues are found as a result of updating Java.
However, as of eDisocvery Platofrm 8.1.1 CHF2 + and 8.2, we removed the Java version check from the installer which means that we no longer validate the update pack, e.g. U45, versus the major, e.g. Java 8, version of the JDK during an eDisocvery Platform upgrade is being performed. With that said, it's very important to understand that if you upgrade the Java update pack, you must be running eDiscovery Platform 8.1.1 CHF2 + or 8.2 in order to perform any future eDisocvery platform upgrades.
This check was removed, at least for Java, in repsonse to the very screnario that you post in your post concerning eDisocvery Platform 3rd Party software showing up as security vunerabilities. In my experince with this, this has become a big concern mostly for Fed agencies, but i's becoming more of a concern for other customers of late. The version check was only removed for Java. I don't know if there will be any changes for any other eDiscovery Platform 3rd party software in the future except for what's installed by default in future releases.
In my capacity as an eDiscovery Platform Business Critical Engineer (BCE), I have a helped several of our Business Critical customers through successful Java update pack upgrades and have validated it many times in my labs, all without issue. However, this was because we followed specific guidelines for how to perform a Java update pack upgrade for eDiscovery Platform. These guidelines must be followed or it could leave eDiscovery Platform in an inoperable state. I'm not entrely sure what policy support has around assisting this type of upgrade, but you may want to open a support case to at least find out.
11-01-2016 07:19 AM
Hello @bc1410,
@JimmyClearwell is correct on this, please raise a ticket with technical support if you do plan to do this as the process itself is not as simple as just just updating the minor version & has some config changes needed.