Thanks David. The thing that threw me off here is that the CMDB plugin servers, by default, as part of the installation, use the bundled JVM.
Axton Grams On Thu, Dec 15, 2011 at 1:01 PM, Rick Cook <[email protected]> wrote: > ** > > David, why doesn't the installer use the Java version the customer has > likely already installed? Is there a technical reason it needs to actually > install its own version? > > Rick > On Dec 15, 2011 1:58 PM, "Easter, David" <[email protected]> wrote: > >> ** >> >> The bundled JVM/JRE is supplied for use by the installer because the >> installer needs it. Once the installation is complete, use of the bundled >> JVM/JRE is used by some customers as a convenience, but it is not a >> requirement. It is not meant to restrict any customer to using that >> version during run time or convey that the provided version is the only one >> supported. Customers are welcome to use any supported version of Java >> that they see fit and/or patch/upgrade the supplied one. **** >> >> ** ** >> >> -David J. Easter**** >> >> Manager of Product Management, Remedy Platform**** >> >> BMC Software, Inc.**** >> >> **** >> >> The opinions, statements, and/or suggested courses of action expressed in >> this E-mail do not necessarily reflect those of BMC Software, Inc. My >> voluntary participation in this forum is not intended to convey a role as a >> spokesperson, liaison or public relations representative for BMC Software, >> Inc.**** >> >> ** ** >> >> *From:* Action Request System discussion list(ARSList) [mailto: >> [email protected]] *On Behalf Of *Jason Miller >> *Sent:* Thursday, December 15, 2011 9:47 AM >> *To:* [email protected] >> *Subject:* Re: CMDB - Bundled JVM**** >> >> ** ** >> >> ** It is a little more current (very little) on my 7.6.04 SP2 Windows >> server.**** >> >> ** ** >> >> \PathToInstall\BMC Software\AtriumCore\BMCAtriumCoreInstallJVM\bin>java >> -version**** >> >> java version "1.5.0_11"**** >> >> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)**** >> >> Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode)**** >> >> ** ** >> >> Jason**** >> >> ** ** >> >> ** ** >> >> On Thu, Dec 15, 2011 at 9:32 AM, Axton <[email protected]> wrote:**** >> >> ** Does anyone know why certain components of ITSM come bundled with an >> ancient version of the Sun JRE?**** >> >> ** ** >> >> Atrium Core comes bundled with this JVM:**** >> >> ** ** >> >> [user@server bin]$ pwd**** >> >> /path/to/AtriumCore/server/BMCAtriumCoreInstallJVM/bin**** >> >> ** ** >> >> [user@server bin]$ ./java -version**** >> >> java version "1.5.0_09"**** >> >> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)**** >> >> Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode)**** >> >> ** ** >> >> The following security issues are not addressed in the bundled JVM:**** >> >> ** ** >> >> The Common Vulnerabilities and Exposures project (cve.mitre.org) has >> assigned the following names to the security issues fixed in**** >> >> JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,**** >> >> CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,**** >> >> CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,**** >> >> CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.**** >> >> The Common Vulnerabilities and Exposures project (cve.mitre.org) has >> assigned the following names to the security issues fixed in**** >> >> JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,**** >> >> CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,**** >> >> CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,**** >> >> CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.**** >> >> The Common Vulnerabilities and Exposures project (cve.mitre.org) has >> assigned the following names to the security issues fixed in**** >> >> JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864,**** >> >> CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,**** >> >> CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,**** >> >> CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,**** >> >> CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,**** >> >> CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.**** >> >> ** ** >> >> There are many more issues that exist with the bundled JVM that are not >> listed above. See here for a more comprehensive list, which unfortunately >> only goes back to 2007, so updates to the bundled JVM between it's release >> date and 2007 are not outlined on the following pages:**** >> >> http://blogs.oracle.com/sunsecurity/tags/java**** >> >> >> http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#AppendixJAVA >> **** >> >> ** ** >> >> Of particular concern are the following:**** >> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556**** >> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557**** >> >> ** ** >> >> I don't understand why the JVM is bundled with the product. Flashboards, >> email engine, and the main ARServer Java plugin server do not have a >> bundled JVM, but these particular components do.**** >> >> ** ** >> >> This applies to the plugin server used to load the following plugins:**** >> >> DSM.FILTER (dsm.jar)**** >> >> BMC.ARDBC.ATRIUM.API (atrium-ar-kit.jar)**** >> >> AIS.FILTERAPI (ais.jar)**** >> >> RMDY.ITSM.RLE (rle.jar)**** >> >> ** ** >> >> And also to another plugin server used to load the following plugins:**** >> >> BMC.FILTERAPI.NORM.ENGINE (neplugin75.jar)**** >> >> ** ** >> >> Applicable Environment Information:**** >> >> - ARServer 7.5 Patch 3**** >> >> - CMDB 7.5.00 Patch 005**** >> >> - Platform: Solaris 10**** >> >> ** ** >> >> Questions I have for anyone willing to answer:**** >> >> - Is the JVM bundled with later versions of the CMDB the same version >> or has it been updated?**** >> >> - Is it possible to use a different JVM for these 2 plugin servers >> without impacting the stability of the plugins or is there some >> inherent dependency on that specific JVM? I can easily re-point the plugin >> server to a later release of Java in these files:**** >> >> ** ** >> >> /path/to/AtriumCore/server/cmdb/server/bin/normeng.sh**** >> >> /path/to/AtriumCore/server/cmdb/server/bin/atriumplugin.sh**** >> >> ** ** >> >> Axton Grams**** >> >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ **** >> >> ** ** >> >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ **** >> _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
