search cancel

Clarity third libraries jar versions

book

Article ID: 215131

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

We are looking to identify version numbers of utility jars in the application lib directory for clarity. Our technology risk organization routinely scans the applications in order to find at risk versions with potential bugs in it.

How to find out what version is each jar file?

Environment

Release : Any

Component : CA PPM INTEGRATIONS & INSTALLATIONS

Resolution

We typically use the third party libraries that are stable and do not change them often to ensure stability. 

To find out the version of each jar you have to open it with ZIP and open the MANIFEST.MF file, it will contain the actual version. 

We do not support replacing the 3rd party libraries, so even if you find any of them are outdated, you will not be able to change them. You can only upgrade to latest version to see if it was something that was updated or not.

Typically changing a library involves a lot of areas in the application that may be affected and need heavy testing, this is why we go with verified, stable versions most of the time, and change them few at a time. If you still have scan vulnerability reports, perhaps what you can do is ask for exception for Clarity PPM jar files. Alternatively bring this up on the PM Office Hours.