We recently completed an upgrade of our production environment to JIRA 5.1.5. One of our security analysts has run a vulnerability scan on our new server and has identified a risk due to older an version of java runtime (5.1.5 is bundled with jre version 1.6.0_26) He would like for us to upgrade the jre to 6 update 37 to address various security issues.
Can you please advise what risk does this involve? Would you recommend rigorous testing for this type of change to our JIRA environment?
If we are running JIRA as a windows service do we just need to point the relevant key in the registry to the new jvm.dll or is extra configuration required?
Windows Registry Editor Version 5.00
HKEY_LOCAL_MACHINE SOFTWARE Wow6432Node Apache Software Foundation Procrun 2.0 JIRA Parameters Java
Jvm=D: Atlassian JIRA jre bin server jvm.dll
On Ubuntu Linux the following seems to work:
I created a script in /etc/profile.d to cover both scenarios as well as make this work based on whatever is setup by update-alternatives for java in Ubuntu (script is called /etc/profile.d/setjavahome.sh):
export JRE_HOME=$(dirname $(dirname $(readlink -f /usr/bin/java)))
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot