SecurID® Discussions

DanielRobinson
Occasional Contributor

8.6 P4 caused Java version to downgrade. Why?

Updated RSA AM appliance from 8.6 P3 to 8.6 P4. Prior to the update to P4, Java had been at 1.8.0_331. After the update to P4, Java version dropped to 1.8.0_301. Why was this necessary? Now, the security scan result is worse.

3 Replies
EricaChalfin
Moderator

@DanielRobinson,

According to the Authentication Manager 8.6 patch 4 readme, Java is rolled back to 1.8.0_331, not 1.8.0_301. What do you see if you navigate to /opt/rsa/am/appserver/jdk/jre/bin and run ./java -version?

FYI, Java will be updated in Authentication Manager 8.7 patch 1 to 1.8.0_341.


Best regards,
Erica

The Primary running 8.6 Patch 4 shows java version found at /opt/rsa/am/appserver/jdk/jre/bin to be 1.8.0_301. And for comparison, I have not updated the Replica yet, so it is still at 8.6 Patch 3, and its /opt/rsa/am/appserver/jdk/jre/bin/version shows 1.8.0_331. Based on what I am seeing, I would expect the Replica to have the same unwanted thing happen in that it will also downgrade to 1.8.0_301 were I to update it to Patch 4. I'll just plan not to do this update. If RSA did intend for Java to "roll back," their documentation has a typo in that the version numbers are reversed. My appliance started at 331 and went down to 301, not the other way around.

@DanielRobinson,

Thank you for reporting this information. I have notified our engineering team about this issue. Please check your email shortly.


Best regards,
Erica