I upgraded to 10.4 on my non-prod servers and had them scanned. The scan showed Oracle JRE files left over from older Spectrum versions, e.g.:
On the SS servers we are getting the following:
The following vulnerable instances of Java are installed on the
remote host :
Path : /opt/CA/spectrum/Java/
Installed version : 1.8.0_172
Fixed version : 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1
Path : /opt/CA/spectrum/Java/
Installed version : 1.8.0_172
Fixed version : 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1
These files are not present in a fresh install of Spectrum 10.4.x.
Why is this happening, even though Spectrum 10 uses AdoptOpenJDK JRE rather than Oracle Java?
Release : 10.4
Component : Spectrum Core / SpectroSERVER
During an upgrade, the old JRE is not removed. The old JDK will be upgraded on install.
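One way to confirm which Java runtimes remain under the Spectrum directory after an upgrade, and which fall below the scanner's fixed version, is the script below. It is an added example, not part of the original article or vendor tooling. It assumes each runtime home contains the standard `release` file with a `JAVA_VERSION` line; the script name `audit_java.sh` is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): list Java runtimes under a directory and
# flag builds older than the scanner's "Fixed version" for the same train.
# Assumes each runtime home holds a "release" file with a JAVA_VERSION="..."
# line, which Oracle and OpenJDK-based runtimes ship.

# ver_lt A B: succeed when version A is strictly lower than version B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[._]/); nb = split(b, y, /[._]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# audit_java ROOT FIXED: print status, version, vendor and path per runtime.
audit_java() {
    root=$1
    fixed=$2
    find "$root" -type f -name release 2>/dev/null | while IFS= read -r f; do
        ver=$(sed -n 's/^JAVA_VERSION="\(.*\)"$/\1/p' "$f")
        [ -n "$ver" ] || continue
        # IMPLEMENTOR is only present in some builds; "unknown" otherwise.
        vendor=$(sed -n 's/^IMPLEMENTOR="\(.*\)"$/\1/p' "$f")
        case $ver in
            "${fixed%_*}"_*)   # same train as FIXED, e.g. 1.8.0
                if ver_lt "$ver" "$fixed"; then status=OUTDATED; else status=OK; fi ;;
            *)  status=OTHER-TRAIN ;;   # compare against that train's fix by hand
        esac
        printf '%s\t%s\t%s\t%s\n' "$status" "$ver" "${vendor:-unknown}" "$(dirname "$f")"
    done
}

# Usage: sh audit_java.sh /opt/CA/spectrum 1.8.0_231
if [ "$#" -ge 1 ]; then
    audit_java "$1" "${2:-1.8.0_231}"
fi
```

A directory reported as OUTDATED that the running Spectrum 10.4 processes do not use is a leftover of the kind the scan flagged; confirm it is unused before removing it.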