Update the Server Side Version of Java

Overview

Percussion Rhythmyx uses Java technologies on the server for the application server and on client desktops to run features like the Content Explorer. For consistency in customer experience, Percussion server products ship with a bundled Java Runtime.

This document covers the server-side Java versions that are included with Percussion product versions, and includes a manual procedure for updating the version of Java in a supportable fashion for customers that have that requirement.   

When applying a Java update to Rhythmyx, a general rule is that the product will be compatible with patch releases on the minor version of Java shipped.  For example, Rhythmyx 7.2.0 shipped with Java 1.6.0 Update 25. This means that the Rhythmyx server would compatible with version 1.6.0 Update 43, but not with Java 1.7.0.   

It is important to note that the server-side version of Java has nothing to do with the version of Java that run on end-user desktops or workstations.

Rhythmyx - Server Java Version

Product

Version

Server Java Version

Latest Patched Java Version

Recommendation

Rhythmyx

7.3.2

1.8.0_172-b11

Java SE Runtime Environment Downloads

  • Update Java

Rhythmyx

7.2.0

1.6.0_25-b06

Java SE Runtime Environment Downloads

  • Update Java

Rhythmyx

7.1.0

1.6.0_25-b06

Java SE Runtime Environment Downloads


  • Upgrade to 7.3.2

  • Update Java

Rhythmyx

7.0.3

1.6.0_25-b06

Java SE Runtime Environment Downloads

  • Upgrade to 7.3.2

  • Update Java

Rhythmyx

6.7

1.6.0_13-b03

Java SE Runtime Environment Downloads

  • Upgrade to 7.3.2

  • Update Java

Rhythmyx

6.5.2

1.5.0_12-b04

Java SE Runtime Environment 5.0u22

  • Upgrade to 7.3.2

Rhythmyx

5.71

1_42_90

N/A

  • Upgrade to 7.3.2

 

64-bit versus 32-bit Java

Rhythmyx ships with support for 32 or 64-bit Java on Linux and Windows.  Customers wishing to convert an existing installation from 32-bit to 64-bit may do so by selecting the corresponding 64-bit Java version when downloading the update from Oracle.   When installed correctly there should be 4 directories containing the JRE.

JRE

JRE64

JRE-SHIPPED

JRE64-SHIPPED

NOTE:  The server and operating system that Rhythmyx is installed on must support 64-bit.  Downloading 64-bit Java onto a 32-bit operating system will not work.

The known incompatibilities with the 64-bit JRE and Rhythmyx on Linux are:

  • The Content Explorer revision compare tool does not function

  • Workbench requires the 32-bit JRE

 

With 64-bit support enabled, the memory set aside for Rhythmyx can be increased to utilize the total amount of RAM available on the server and is no longer limited to the 2 GB range.

 

How to Update the Shipped JRE

The JRE and JRE64 directories off of the install root contain the Java Runtime. 64-bit Java is installed to the JRE64 folder, 32-bit Java is installed in the JRE folder.   For customers updating from 32-bit to 64-bit for the first time use JRE64 for the folder name for the 64-bit JRE and JRE for the 32-bit JRE.

Updating the JRE

  1. Download the latest JRE 1.8 updates from Oracle that is appropriate for your platform. Download the '.tar.gz' file.

For example: http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

  1. Shutdown Rhythmyx and shutdown any running tools like MSM, Work Bench, or Server Administrator.

  1. Rename the existing <Rhythmy Install Dir>/JRE directory to <Rhythmy Install Dir>/SHIPPED-JRE  The purpose of this step is to provide the ability to roll back to the shipped version in the event of an incompatible Java update, or when troubleshooting problems with Technical Support.

  1. Unzip the JRE to <Rhythmy Install Dir>/JRE (NOTE: on Linux systems the JRE is typically extracted to a sub-directory and will need to be moved up a level after the install).

    1. Confirm that Java was installed correctly by opening a command prompt or shell and changing to the <Rhythmy Install Dir>/JRE/bin directory.

    2. Run <Rhythmy Install Dir>/JRE/bin/javac -version to confirm that java was successfully installed. For example: <Rhythmyx_Home>\JRE64\bin\javac -version javac 1.8.0_172

  1. Verify the server lax files point to the correct  <Rhythmy Install Dir>/JRE location. The LAX files are located in <Rhythmy Install Dir>.  Windows installations may contain LAX files for the developer and server tools as well. Open each file in a text editor and search for JRE or JRE64,  confirm that references to the JRE to point to the new JRE and  JRE64 directory that you just created.  

    1. RhythmyxServer.bin.lax or RhythmyServer.lax

    2. RhythmyxMultiServerManager.lax

    3. RhythmyxServerAdministrator.lax

    4. RhythmyxServerPropertiesEditor.bin.lax or RhythmyxServerPropertiesEditor.lax

    5. RhythmyxWorkbench.lax (Requires 32-bit JRE)

    6. Synchronizer.bin.lax or Synchronizer.lax

  2. Copy any customizations/configurations made to the stock SHIPPED-JRE into the new updated folder.  This may include security policy updates, cacerts, keystore files, etc.

  1. Restart Rhythmyx and confirm the new Java version in the server startup log.  Watch the startup log for any unexpected errors.  Should unexpected errors occur, shutdown the server and reverse the steps, ending by renaming the JRE-SHIPPED folder to JRE and restart the server. Report any unexpected errors to the support community at community.percussion.com and to Technical Support.

How to Update the shipped Bouncy Castle and JCE Policy

To update the Bouncy Castle jars, follow the steps below. Release 1.59 being the latest for bouncy castle we are referring the relevant jars in the below steps.

  • Download the latest bouncy castle jars from https://www.bouncycastle.org/latest_releases.html
  • Copy bcpkix-jdk15on-159.jar, bctls-jdk15on-159.jar, bcprov-ext-jdk15on-159.jar and bcprov-jdk15on-159.jar to JRE/lib/ext
  • Remove the bouncy castle related jar from the location <Rhythmyx_Home>/AppServer/server/rx/deploy/rxapp.ear/rxapp.war/WEB-INF/lib from before. For eg: bcp*147.jar files. We would advice you to keep a backup, so the jars can be reverted if needed.
  • Copy bcprov-jdk15on-159.jar, bcprov-ext-jdk15on-159.jar, bcpkix-jdk15on-159.jar, bcmail-jdk15on-159.jar, bcpg-jdk15on-159.jar and bctls-jdk15on-159.jar to <Rhythmyx_Home>/AppServer/server/rx/deploy/rxapp.ear/rxapp.war/WEB-INF/lib.
  • Remove the bouncy castle related jar from the location <Rhythmyx_Home>/jetty/base/webapps/Rhythmyx/WEB-INF/lib from before. For eg: bcp*147.jar files. We would advice you to keep a backup, so the jars can be reverted if needed.
  • Copy bcprov-jdk15on-159.jar, bcprov-ext-jdk15on-159.jar, bcpkix-jdk15on-159.jar, bcmail-jdk15on-159.jar, bcpg-jdk15on-159.jar and bctls-jdk15on-159.jar to <Rhythmyx_Home>/jetty/base/webapps/Rhythmyx/WEB-INF/lib.
  • Edit JRE/lib/security/java.security and update the security providers like so:

security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
security.provider.12=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

  • This also applies to JRE64/lib/security/java.security if using 64-bit java.


To install/upgrade the Java Cryptography Extension policy files:

  1. Download the zip for Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 from

    For example: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

  2. Locate the two existing policy files:
    • local_policy.jar
    • US_export_policy.jar
  3. Look in <Rhythmyx_Home>/JRE/lib/security/ and if using 64-bit Java also look in <Rhythmyx_Home>/JRE64/lib/security/
  4. Unzip the file downloaded in step 1.
  5. Replace the files mentioned in step 2 with the ones obtained in the unzipped folder.

 

Frequent Questions

Can I use any JRE version, like Open JRE or do I have to use Oracle’s?

The JRE must be an official Oracle JRE at this time.  That may change in future updates.

 

Will this affect the Java applet or Desktop Content Explorer?

No.  This update only effects the server.

 

Can I use JRE 1.9, 10 or greater?

Not at this time. Java 1.8 is the highest version of Java that Rhythmyx supports.

 

Rhythmyx is getting flagged by an I.T. security scan on my network for a Java version vulnerability, is there a patch?

The JRE may now be updated by Rhythmyx Patches as well as Release Upgrades.  If an issue arises between patches or releases, please notify Technical Support of the issue and they can verify wether a patch is pending, if a Patch won't be available in your timeline, you can follow the instructions in this document to update the JRE.

 

How can it support 64 bit if the binaries like RhythmyxDaemon are still 32-bit?

The binaries shipped are very light weight launcher scripts responsible for spawning batch files and shell scripts that fork and manage the actual Java server.  As a result, 32-bit executables can launch the 64-bit java process.

Leave a comment

*
*