We have a JIRA 7.7.0 instance running on RHEL 7 server. In Nessus Security Center, we are showing several vulnerabilities related to the JRE that is bundled with JIRA. The current Java version is 1.8.0_102, which Nessus is complaining about. My question is, can we safely replace the bundled JRE with a more up to date version to keep our system in compliance? If not, is there a timeline on updating JIRA to use a more recent version of Java?
I have over the past decade never used any bundled Java version and I had never any problems.
I think, it is save to update the JRE. But best practice in such situations (like OS Upgrade, JRE or DB Changes) - always perform these changes to a staging environment, first.
And: Read the release notes. Sometimes special JRE versions are excluded due to known issues.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.