Hi Team,
We are getting security vulnerabilities since our JVB in our Jitsi application is still using JDK of 11.0.15. We are rebuilding the containers with latest version of jitsi but still its showing 11.0.15 in jvb.
Please help us how can we have latest JDK (11.0.16) that comes from Jitsi latest release.
Regards,
Usha.
If you are using our containers when all you need to do is rebuild the container without a cache, that is, a force rebuild.
That will rebuild it from scratch and will install the latest OpenJDK 11 available in Debian, which is 10.0.16: Debian -- Details of package openjdk-11-jre in bullseye
@saghul Can you please tell me how i can force rebuild the containers without using cache. I am newbie to Jitsi, need your help please.
if you clone out repo then FORCE_REBUILD=1 make will do that.
Hi @saghul Thanks for the update. That dint work for me. I have rebuilt jitsi on docker again from stable release latest version.
I have one more doubt. Whenever there is a new release in stable… how to update the jitsi with that latest stable release. Do i need to change the version here image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-8044-1} and do “docker-compose up -d”? Or is there any other way without rebuilding the entire setup.
It’s best to download the stable release and run docker-compose up --force-recreate
That will pull the new images, and recreate the containers with the new image. Data is preserved.
Hi @saghul,
Thanks for the update.
I have just recreated the containers with latest stable version but its still showing java 11.0.16 in JVB. We have got a security vulnerability for this java version to be upgraded to > 11.0.16 version.
When the latest java (11.0.17) will be released for JVB?
There is no 11.0.17 available in Debian AFAIS. What security problem are you referring to?
Hi @saghul,
Its not Debain Jitsi. We are using Jitsi in Docker which is configured on a RHEL machine.
Earlier whenever i used to upgrade these containers, OpenJdk of JVB was keep updating along with latest stable version.
But after OpenJDK11.0.16, JVB was not updating with OpenJDK 11.0.17 even after i recreate the containers to get the latest code.
We are getting a security vulnerability as below. Kindly provide us a solution how we can upgrade OpenJDK in JVB.
OpenJDK 7 <= 7u351 / 8 <= 8u342 / 11.0.0 <= 11.0.16 / 13.0.0 <= 13.0.12 / 15.0.0 <= 15.0.8 / 17.0.0 <= 17.0.4 / 19.0.0 <= 19.0.0 Multiple Vulnerabilities (2022-10-18
/var/lib/docker/overlay2/953fce74e729f2a274705282c79ffad45df6f04fcefc41a30b560bec7af2df77/diff/usr/lib/jvm/java-11-openjdk-amd64/
Installed version : 11.0.16
Fixed version : Upgrade to a version greater than 11.0.16
Please check the below screenshot.
Jitsi containters use Debian as the base. Your OS is irrelevant here if you are using Docker.
Since we install OpenJDK from Debian this is the one you are getting: Debian -- Details of package openjdk-11-jdk-headless in bullseye
So the latest OpenJDK from Debian is 11.0.16+8, correct?
Yes.