David, why doesn't the installer use the Java version the customer has likely already installed? Is there a technical reason it needs to actually install its own version?
Rick On Dec 15, 2011 1:58 PM, "Easter, David" <david_eas...@bmc.com> wrote: > ** > > The bundled JVM/JRE is supplied for use by the installer because the > installer needs it. Once the installation is complete, use of the bundled > JVM/JRE is used by some customers as a convenience, but it is not a > requirement. It is not meant to restrict any customer to using that > version during run time or convey that the provided version is the only one > supported. Customers are welcome to use any supported version of Java > that they see fit and/or patch/upgrade the supplied one. **** > > ** ** > > -David J. Easter**** > > Manager of Product Management, Remedy Platform**** > > BMC Software, Inc.**** > > **** > > The opinions, statements, and/or suggested courses of action expressed in > this E-mail do not necessarily reflect those of BMC Software, Inc. My > voluntary participation in this forum is not intended to convey a role as a > spokesperson, liaison or public relations representative for BMC Software, > Inc.**** > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller > *Sent:* Thursday, December 15, 2011 9:47 AM > *To:* arslist@ARSLIST.ORG > *Subject:* Re: CMDB - Bundled JVM**** > > ** ** > > ** It is a little more current (very little) on my 7.6.04 SP2 Windows > server.**** > > ** ** > > \PathToInstall\BMC Software\AtriumCore\BMCAtriumCoreInstallJVM\bin>java > -version**** > > java version "1.5.0_11"**** > > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)**** > > Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode)**** > > ** ** > > Jason**** > > ** ** > > ** ** > > On Thu, Dec 15, 2011 at 9:32 AM, Axton <axton.gr...@gmail.com> wrote:**** > > ** Does anyone know why certain components of ITSM come bundled with an > ancient version of the Sun JRE?**** > > ** ** > > Atrium Core comes bundled with this JVM:**** > > ** ** > > [user@server bin]$ pwd**** > > /path/to/AtriumCore/server/BMCAtriumCoreInstallJVM/bin**** > > ** ** > > [user@server bin]$ ./java -version**** > > java version "1.5.0_09"**** > > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)**** > > Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode)**** > > ** ** > > The following security issues are not addressed in the bundled JVM:**** > > ** ** > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the following names to the security issues fixed in**** > > JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,**** > > CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,**** > > CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,**** > > CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.**** > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the following names to the security issues fixed in**** > > JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,**** > > CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,**** > > CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,**** > > CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.**** > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the following names to the security issues fixed in**** > > JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864,**** > > CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,**** > > CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,**** > > CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,**** > > CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,**** > > CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.**** > > ** ** > > There are many more issues that exist with the bundled JVM that are not > listed above. See here for a more comprehensive list, which unfortunately > only goes back to 2007, so updates to the bundled JVM between it's release > date and 2007 are not outlined on the following pages:**** > > http://blogs.oracle.com/sunsecurity/tags/java**** > > > http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#AppendixJAVA > **** > > ** ** > > Of particular concern are the following:**** > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556**** > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557**** > > ** ** > > I don't understand why the JVM is bundled with the product. Flashboards, > email engine, and the main ARServer Java plugin server do not have a > bundled JVM, but these particular components do.**** > > ** ** > > This applies to the plugin server used to load the following plugins:**** > > DSM.FILTER (dsm.jar)**** > > BMC.ARDBC.ATRIUM.API (atrium-ar-kit.jar)**** > > AIS.FILTERAPI (ais.jar)**** > > RMDY.ITSM.RLE (rle.jar)**** > > ** ** > > And also to another plugin server used to load the following plugins:**** > > BMC.FILTERAPI.NORM.ENGINE (neplugin75.jar)**** > > ** ** > > Applicable Environment Information:**** > > - ARServer 7.5 Patch 3**** > > - CMDB 7.5.00 Patch 005**** > > - Platform: Solaris 10**** > > ** ** > > Questions I have for anyone willing to answer:**** > > - Is the JVM bundled with later versions of the CMDB the same version or > has it been updated?**** > > - Is it possible to use a different JVM for these 2 plugin servers without > impacting the stability of the plugins or is there some > inherent dependency on that specific JVM? I can easily re-point the plugin > server to a later release of Java in these files:**** > > ** ** > > /path/to/AtriumCore/server/cmdb/server/bin/normeng.sh**** > > /path/to/AtriumCore/server/cmdb/server/bin/atriumplugin.sh**** > > ** ** > > Axton Grams**** > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ **** > > ** ** > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ **** > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
