Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.
SOLVED

on-prem AEM: which uber-jar should I be using? (or where to find release notes for uber-jars)

Avatar

Level 9
Level 9
8/15/23 8:42:21 PM

So our IT security has done a scan and found out the 6.4.0 uber-jar we're using has some vulternability.

 

I need to find out which uber-jar version has a fix for this vulnerability.

 

PS. we're currently on 6.4.2 and our uber-jar is on 6.4.0

 

Thank you.

EDIT: this is vulnerability: "CVE-2017-7658" eclipse jetty server

Views

982

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/15/23 9:32:41 PM

Hello @jayv25585659 

 

There are couple of options:

  1. Go through release notes manually https://github.com/AdobeDocs/experience-manager-64.en/blob/main/help/release-notes/release-notes.md
  2. Raise an Adobe ticket

 

6.4 is very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.

 

 

Aanchal Sikka

View solution in original post

Views

969

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
8/15/23 9:32:41 PM

Hello @jayv25585659 

 

There are couple of options:

  1. Go through release notes manually https://github.com/AdobeDocs/experience-manager-64.en/blob/main/help/release-notes/release-notes.md
  2. Raise an Adobe ticket

 

6.4 is very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.

 

 

Aanchal Sikka

Views

970

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 9
Level 9
8/15/23 10:58:31 PM

Hi @jayv25585659 ,

We had a similar kind of vulnerability on the log4j reference through uber jar. We went and raised an adobe ticket and in our case the CSE was able to respond with resolution as not exploitable or the other case will be they will recommend you to upgrade to the latest AEM version and the Uber jar where the fix would have made on the latest Eclipse Jetty Server 9.5x and above.

Views

957

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
8/16/23 1:38:54 AM

@jayv25585659 

The AEM Uber jar includes all AEM APIs as a single dependency in your Maven project’s pom.xml. It is always a best practice to include the Uber Jar as a single dependency instead of including individual AEM API dependencies. When upgrading the code base, change the version of the Uber Jar to point to the target version of AEM. If your project was developed on a version of AEM before the existence of the Uber Jar, remove all individual AEM API dependencies. Replace them with a single inclusion of the Uber Jar for the target version of AEM. Recompile the code base against the new version of the Uber Jar. Update any deprecated APIs or methods so they are compatible with the target version of AEM.

Views

937

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM grid and boostrap Solved

Views

80

Likes

0

Replies

3
How to retain jcr:created date while installing content package in AEM instance?

Views

53

Likes

0

Replies

1
Tagmanager.resolve all returns null on AEM 6.5 publish instance

Views

87

Likes

0

Replies

4
Migrate Content from AMS to AEMaaCS

Views

67

Likes

0

Replies

1
AEM- Adobe Commerce integration - Magento request headers missing in Graphql calls

Views

37

Likes

0

Replies

1