Java patching

BEN QUARTERMAINE February 11, 2013

Hi there,

We recently completed an upgrade of our production environment to JIRA 5.1.5. One of our security analysts has run a vulnerability scan on our new server and has identified a risk due to older an version of java runtime (5.1.5 is bundled with jre version 1.6.0_26) He would like for us to upgrade the jre to 6 update 37 to address various security issues.

Can you please advise what risk does this involve? Would you recommend rigorous testing for this type of change to our JIRA environment?

If we are running JIRA as a windows service do we just need to point the relevant key in the registry to the new jvm.dll or is extra configuration required?

eg:

Windows Registry Editor Version 5.00

HKEY_LOCAL_MACHINE SOFTWARE Wow6432Node Apache Software Foundation Procrun 2.0 JIRA Parameters Java

Jvm=D: Atlassian JIRA jre bin server jvm.dll

Thanks,

Ben

1 answer

0 votes
Brian Provenzano April 19, 2013

Try this on Windows: https://confluence.atlassian.com/display/JIRAKB/Configuring+JIRA+Service+to+Run+on+a+Different+JVM

On Ubuntu Linux the following seems to work:

I created a script in /etc/profile.d to cover both scenarios as well as make this work based on whatever is setup by update-alternatives for java in Ubuntu (script is called /etc/profile.d/setjavahome.sh):

export JRE_HOME=$(dirname $(dirname $(readlink -f /usr/bin/java)))
export JAVA_HOME=$JRE_HOME

Suggest an answer

Log in or Sign up to answer