This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
DanielRobinson
Occasional Contributor
Occasional Contributor
‎2022-09-23 02:02 PM

8.6 P4 caused Java version to downgrade. Why?

Jump to solution

Updated RSA AM appliance from 8.6 P3 to 8.6 P4.  Prior to the update to P4, Java had been at 1.8.0_331.  After the update to P4, Java version dropped to 1.8.0_301.  Why was this necessary?  Now, the security scan result is worse.  

Reply
1 Solution

Accepted Solutions
EricaChalfin
Moderator Moderator
Moderator
In response to DanielRobinson
‎2022-09-26 10:17 AM

Jump to solution

@DanielRobinson,

Thank you for reporting this information. I have notified our engineering team about this issue.  Please check your email shortly.


Best regards,
Erica

View solution in original post

0 Likes
Reply
3 Replies
EricaChalfin
Moderator Moderator
Moderator
‎2022-09-23 03:12 PM

Jump to solution

@DanielRobinson,

According to the Authentication Manager 8.6 patch 4 read me, Java is rolled back to 1.8.0_331, not 1.8.0_301. What do you see if you navigate to /opt/rsa/am/appserver/jdk/jre/bin and run ./java -version?

FYI, Java will be updated in Authentication Manager 8.7 patch 1 to 1.8.0_341.


Best regards,
Erica
Reply
DanielRobinson
Occasional Contributor
Occasional Contributor
In response to EricaChalfin
‎2022-09-26 09:48 AM

Jump to solution
The Primary running 8.6 Patch 4 shows java version found at /opt/rsa/am/appserver/jdk/jre/bin to be 1.8.0_301. And for comparison, I have not updated the Replica yet, so it is still at 8.6 Patch 3, and its /opt/rsa/am/appserver/jdk/jre/bin/version shows 1.8.0_331. Based on what I am seeing, I would expect the Replica to have the same unwanted thing happen in that it will also downgrade to 1.8.0_301 were I to update it to Patch 4. I'll just plan not to do this update. If RSA did intend for Java to "roll back," their documentation has a typo in that the version numbers are reversed. My appliance started at 331 and went down to 301, not the other way around.
0 Likes
Reply
EricaChalfin
Moderator Moderator
Moderator
In response to DanielRobinson
‎2022-09-26 10:17 AM

Jump to solution

@DanielRobinson,

Thank you for reporting this information. I have notified our engineering team about this issue.  Please check your email shortly.


Best regards,
Erica
0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.