CABI ships Oracle JDK 1.6 Update 35 with CABI 3.3 SP1 (aka CABI r3.2 SP6).
Certain security scan software might detect vulnerabilities with JDK Update 35 and earlier. To address these vulnerabilities, JDK 6 Update 36 and later can be used. Please be aware that the JDK has to be 32-bit not 64-bit.
This document will provided steps on how to upgrade JDK supplied with CABI 3.3 SP1 to address potential security vulnerabilities.
- Take a backup/snapshot of the CABI server and CMS database
- Stop Tomcat and SIA from the Central Configuration Manager (CCM)
- Go to the "SC\CommonReporting3\Tomcat7\work\Catalina\localhost" folder on the CABI server and delete the contents of this folder.
- Go to the "SC\CommonReporting3\" folder on the CABI server and rename folder javasdk to javasdk_original. Create a new folder called javasdk in the same location.
- Download the JDK installer file 'jdk-6u45-windows-i586' from http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase6-419409.html#jdk-6u45-oth-JPR
- Run the JDK installer with 'Run as Administrator"
- Change the installation folder of the JDK to "SC\CommonReporting3\javasdk".
- A JRE installation will start after the JDK installation. Change the installation folder to "SC\CommonReporting3\javasdk\jre6".
- Once the installation is complete, restart Tomcat and SIA from the CCM
- Wait a few minutes for Java and Tomcat to fully initialize and test report functionality.