How to upgrade JRE on DLP 15.5/15.7

book

Article ID: 207478

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

You need to upgrade the JRE version on DLP Enforce and Detection servers.

Cause

Older versions of Java are out-of-date or have reported vulnerabilities.

Environment

DLP 15.5/15.7

Enforce/Detection servers

Resolution

Download the Windows OpenJRE 8 262 from:
https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u262-b10/OpenJDK8U-jre_x64_windows_hotspot_8u262b10.msi

Download the Linux OpenJRE 8 262 from : 
https://adoptopenjdk.jfrog.io/adoptopenjdk/rpm/rhel/8/x86_64/Packages/adoptopenjdk-8-hotspot-jre-8u262-b10-2.x86_64.rpm

 

SPECIAL INSTRUCTIONS NEEDED FOR ENDPOINT SERVERS
==============================================

Before installing on an Endpoint Server, be aware of the following workaround required when using with DLP 15.5, or 15.7.
If this workaround is not applied, Endpoint Agents will not be able to connect to the endpoint server if it is running this new version of JRE.

  1. Go to the Advanced Settings for the Endpoint Detection Server in the Enforce UI.
  2. Find the attribute "BoxMonitor.EndpointServerMemory" and append the following to the end of the field:
    -Djdk.security.allowNonCaAnchor=true  
  3. Restart the Endpoint Detection Server.

=============

You will need to use the 15.7 ServerJREMigrationUtility.exe after installing the OpenJRE to change the JRE DLP Services are using the following steps.

Windows
1. Unzip JREMigrationUtility.zip file anywhere on your system. 

2. Open command line and navigate to extracted JreMigrationUtility\Migrator folder
3. From the Migrator folder run: ServerJREMigrationUtility.exe -silent -jreDirectory=<path to jre folder> -sourceVersion=<dlp version currently running to be updated>

4. Check log files in the Migrator folder called MigrationUtility.log. At the end of the file you should see line such as "Finished executing all migration actions"

example :

extract files to C:\JREMigrationUtility

cd C:\JREMigrationUtility\Migrator

ServerJREMigrationUtility.exe -silent -jreDirectory="C:\Program Files\AdoptOpenJDK\jre-8.0.262.10-hotspot" -sourceVersion=15.5

Linux
1. Unzip JREMigrationUtility.zip file anywhere on your system. 

2. Open terminal window and navigate to extracted JreMigrationUtility\Migrator folder
3. From the Migrator folder run: ./ServerJREMigrationUtility -silent -jreDirectory=<path to jre folder> -sourceVersion=<dlp version currently running to be updated>

4. Check log files in the Migrator folder called MigrationUtility.log. At the end of the file you should see line such as "Finished executing all migration actions"

example :

unzip JREMigrationUtility.zip -d /JREMigrationUtility

cd /JREMigrationUtility/Migrator

./ServerJREMigrationUtility -silent -jreDirectory="/usr/lib/jvm/adoptopenjdk-8-hotspot-jre" -sourceVersion=15.5