Hi,
I have a question regarding the windows installation. I plan to use JIRA in an environment where I have to take care a bit more about security. During the installation of JIRA I identified three components on the server which I have to take care of. First the JRE and second the tomcat and last but not least JIRA itself. I'm just talking about security vulnerabilities here. I read that the best way to keep JIRA up to date is the rapid upgrade method. This method includes besides JIRA itself the JRE and Tomcat. The question I have is how fast are new versions available when there are new releases of the JRE and Tomcat? On a Linux server I think I would take care of them separately by my self but as I understand the rapid upgrade method correctly I do not have this option on a Windows installation.
Please don't ask me why I'm going to install JIRA on a Windows machine. Its a customer requirement.
Are there any best practices for maintaining security releases for each of the products?
Thank you for your answers.
Regards,
Alex
Atlassian tend to package them together and they don't alter releases. So if JIRA x.y.z comes with Tomcat 7.1.4 and JRE 1.8_02, that's not going to change even if there are security issues with any component. The version of Tomcat and JRE can change on any release though, so it may be that JIRA x.y.z+1 uses a later Tomcat/JRE.
But those releases do NOT drive Atlassian releases. Atlassian fixes are what drives the z part of the release and improvements the y. They've been known to keep running with quite old Tomcats, even in later releases.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.