Guideline on Java security updates

Document created by Stig_Skilbred Employee on May 15, 2015
Version 1Show Document
  • View in full screen mode

As you all know, CA ships the CA APM Enterprise Manager with a JRE distribution. This is convenient for 2 reasons:

 

  • Ease of installation and configuration
    • No need to download any "extra" software
  • Compatibility
    • The distributed Java version has been tested and proven qualified and safe for running the Enterprise Manager

 

You, most probably, also know that Oracle is extremely keen on releasing new patches and minor releases of Java, sometimes classified as critical and highly recommendable. And you might ask yourself: will CA ship a patch for my EM installation to ensure we are on the latest and greatest java deliverable??

The simple answer to this question is 'no'. But it doesn't mean you can't follow the recommendations by the guys at Oracle!!

You can install and use the Java distributable of your choice, as long as it meets the requirements specified for the EM in our compatibility guide (found on CA Support)

 

So the guidelines to which Java version and patch to use can be summarized as:

 

  • Use the Java version and patch distributed with the EM if possible. It is tested and proven by CA.
  • If you have internal company policies on which Java version to use, or how to handle patches
    1. Check that the required version is supported and thus listed in the compatibility guide.
    2. Configure the property lax.nl.current.vm in the EM (and WebView if used) lax file to point to your own Java installation.
    3. Keep your Java installation up to date, BUT again - check that the version is supported!!!
  • In any of the above use cases, if you have any concerns about the Java version in place and the effects on the EM - let us know!

 

FYI: So far, we have not had any reports on java security issues affecting the EM.

Attachments

    Outcomes