Maintaing Jira installations on Windows

Alex June 15, 2015

Hi,

I have a question regarding the windows installation. I plan to use JIRA in an environment where I have to take care a bit more about security. During the installation of JIRA I identified three components on the server which I have to take care of. First the JRE and second the tomcat and last but not least JIRA itself. I'm just talking about security vulnerabilities here. I read that the best way to keep JIRA up to date is the rapid upgrade method. This method includes besides JIRA itself the JRE and Tomcat. The question I have is how fast are new versions available when there are new releases of the JRE and Tomcat? On a Linux server I think I would take care of them separately by my self but as I understand the rapid upgrade method correctly I do not have this option on a Windows installation. 

Please don't ask me why I'm going to install JIRA on a Windows machine. Its a customer requirement. 

Are there any best practices for maintaining security releases for each of the products?

Thank you for your answers.

Regards,

Alex

 

1 answer

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 16, 2015

Atlassian tend to package them together and they don't alter releases.  So if JIRA x.y.z comes with Tomcat 7.1.4 and JRE 1.8_02, that's not going to change even if there are security issues with any component.  The version of Tomcat and JRE can change on any release though, so it may be that JIRA x.y.z+1 uses a later Tomcat/JRE.  

But those releases do NOT drive Atlassian releases.  Atlassian fixes are what drives the z part of the release and improvements the y.  They've been known to keep running with quite old Tomcats, even in later releases.

Alex June 16, 2015

Thank you for your answer, Nic!

Suggest an answer

Log in or Sign up to answer