Articles in this section

Java Corretto 8 Vulnerabilities

Avatar
Camille Hansen
  • Updated
Follow

Summary

The Adaptiva OneSite Framework components includes the open-source Amazon Java Corretto 8 (JRE). JRE contains many components and libraries. Since the server does not use every JRE component or library, only some discovered vulnerabilities impact Adaptiva services. Adaptiva strives to include the latest versions of open-source software in our latest builds. Open-source software changes that include improvements or vulnerability resolutions may occur between build releases.

If your Security team reports a vulnerability in the JRE on the Adaptiva Server, Adaptiva Client, or Adaptiva Workbench see the solutions below.

Solution

Check your Adaptiva Server Version

  1. Navigate to the Adaptiva Support Portal Product Releases page, and then select the Adaptiva Cumulative Release Notes link. The currently released Adaptiva version appears on this page.

  2. Determine which version of the Adaptiva Server you are using by logging into the Adaptiva OneSite Admin Portal, and then select 3412_spr.png > Settings > About Adaptiva Server.

  3. If using the latest version, skip to the Alternative Solution or wait for the next release.

    Note

    The latest version of JRE included with the latest release also appears in the Cumulative Release Notes. If this Adaptiva OneSite Platform version does not meet the requirements upgrade provided by the security team, continue to the Alternate Solution.

Alternative Solution

Important

If you reinstall or upgrade any of the products after completing the following steps, repeat the instructions below to reapply the latest version of Corretto-8 JRE.

Download and Rename the Vendor Files

  1. Navigate to the Releases corretto/corretto-8 (github.com) page to download the latest version of Corretto-8 JRE.

    Note

    Download the .zip file based on the version of the Adaptiva Server you are using. The Adaptiva Workbench uses the x86 platform for all versions. Use the following information to determine which version to use:

    • 9.0.962 or later: use Platform = Windows x64; Type = JRE

    • 8.1.937 or earlier: use platform = Windows x86; Type = JRE

  2. Save the zip file to the Downloads folder, and then extract (unzip) the files to a folder in that location. Each zip file contains one folder called JRE8.

  3. On the Adaptiva Server, make a backup copy of each of the existing JRE folders from the corresponding locations below:

    Product

    Default Install Location

    Adaptiva Server

    %AdaptivaServer%\JRE

    Adaptiva Client

    %AdaptivaClient%\JRE

    Adaptiva Workbench

    %AdaptivaWorkbench%\JRE

Update JRE

  1. Stop the AdaptivaServer service when updating the server.

  2. Open the JRE8 folder from the extracted temporary download location. Review the following information to determine which version to copy:

    • x64 JRE8 for Adaptiva Server and Adaptiva Client 9.0 and later.

    • x86 JRE8 for Adaptiva Client 8.1 and earlier and the Adaptiva Workbench.

  3. Make a backup copy of the desired JRE8 folder using the following steps:

    1. Browse to the following file path:

      %AdaptivaServer%

    2. Make a backup of the JRE folder.

    3. Copy the contents of the JRE8 folder to the JRE folder.

  4. Copy folders and files from their temporary location to the following directory:

    %AdaptivaServer%\JRE

  5. Select Yes to accept the overwrite, and then start the AdaptivaServer service.

  6. Repeat the preceding steps to copy the folders and files to the Adaptiva Client and Adaptiva Workbench. Reference the default installation locations in the table above.

Verify the Amazon Corretto JRE Version on the Adaptiva Server

To verify the Adaptiva JRE version update, open a command prompt window on the Adaptiva Server, and then enter the following command on one line:

"%AdaptivaServer%\jre\bin\java.exe" -version

The following example output will resemble the version you downloaded:

Openjdk version "1.8.0_442"

OpenJDK Runtime Environment Corretto-8.442.06.1 (build 1.8.0_442-b06)

OpenJDK 64-Bit Server VM Corretto-8.442.06.1 (build 25.442-b06, mixed mode)

Update All Devices

If you must update all devices with the Adaptiva Client installed, complete the following steps:

  1. Create a folder with the JRE8 files and folders. Use the following best practices, when creating this folder:

    • Make sure to select the correct version of JRE8.

    • If you have both versions, 9.0.962 or later and 8.1.937 or earlier, create two sets of folders (one for each version), and then create two Microsoft Configuration Manager (ConfigMgr) packages.

  2. Create a ConfigMgr packaged using the correct version folder as the source. Make sure to select the source folder from the downloaded content (bin and lib folder). Use the following best practices when creating this package:

    • No program required.

    • Distribute to all Distribution Points.

  3. Create a Task Sequence using the following steps:

    1. Select Set Task Sequence Variable from the Add menu, and the enter the following information on the command line:

      • Task Sequence Variable: SMSTSDownloadProgram

      • Value: "%AdaptivaClient%\bin\%processor_architecture%\OneSiteDownloader.exe"

      • Command line: cmd

    2. Run the following command:

      cmd /c net stop AdaptivaClient && xcopy *.* "%AdaptivaClient%\JRE" /S /C /I /R /Y && net start AdaptivaClient

      Tip

      To track clients that fail to start, make the NET Start AdaptivaClient a separate step.

    3. Check the box Package, select the ConfigMgr package, and then select Continue on Error on the Options tab.

  4. Deploy the task sequence to a pilot group to test and validate on devices with the Adaptiva Client installed.

    Tip

    Make sure to uncheck the Show Task Sequence progress checkbox.

Related articles

Comments

0 comments

Please sign in to leave a comment.