DFS ESA for Java Vulnerabilities

EMC published ESA-2015-017: EMC Documentum Foundation Services (DFS) Security Update for Oracle Java Runtime Environment (JRE) recommending an upgrade to Java JRE 7u72 on the DFS server and client machines.  The vulnerabilities addressed by this update are described at Oracle CPU for October 2014.

I find this ESA puzzling.  First, the ESA suggests upgrading DFS to v7.2.  I can’t find DFS v7.2, can you?  (DFS v7.1 patch 13 was issued in Jan 2015.)  It is unclear whether DFS must be upgraded to the (mythical) v7.2 to work with Java JRE 7u72 or whether simply upgrading the JRE is sufficient to address the vulnerabilities.  Second, Java 7u75 is the latest Java version; why doesn’t the ESA recommend updating to Java 7u75?

Can anyone shed some light on this?

Note, the end of public updates for Java 7 is scheduled for April 2015.  At that point, I suspect EMC will provide ESAs or ETAs recommending upgrading to Java 8 and issuing the requisite patches for their products.

UPDATE: ESA-2015-016: EMC Documentum Content Server Security Update for Oracle Java Runtime Environment (JRE) covers essentially the same vulnerabilities for the Content Server platform.

About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.

2 Responses to DFS ESA for Java Vulnerabilities

  1. Everything in Documentum that is related to JRE support cannot be explained without a bottle of vodka. According to ESRG, JDK (not JRE) is required to host DFS service, so installing/upgrading JRE on DFS host does not make sense. However, DFS provides UCF service as well, and this service is consumed by JRE clients; it seems that EMC is not going to certify latest JRE against DFS 7.1.

  2. Pingback: ESA for Documentum Content Server and JRE | dm_misc: Miscellaneous Documentum Information
