on-prem AEM: which uber-jar should I be using? (or where to find release notes for uber-jars) | Community
jayv25585659
Level 8
August 16, 2023
Solved

So our IT security has done a scan and found out the 6.4.0 uber-jar we're using has some vulnerability.

I need to find out which uber-jar version has a fix for this vulnerability.

PS. We're currently on 6.4.2 and our uber-jar is on 6.4.0.

Thank you.

EDIT: this is the vulnerability: "CVE-2017-7658" Eclipse Jetty server

4 replies

aanchal-sikka
Community Advisor
Accepted solution
August 16, 2023

Hello @jayv25585659

There are a couple of options:

  1. Go through the release notes manually: https://github.com/AdobeDocs/experience-manager-64.en/blob/main/help/release-notes/release-notes.md
  2. Raise an Adobe ticket

6.4 is a very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.

Aanchal Sikka
sherinregi-1
Community Advisor
August 16, 2023

Hi @jayv25585659 ,

We had a similar kind of vulnerability on the log4j reference through the uber jar. We raised an Adobe ticket, and in our case the CSE was able to respond with a resolution of not exploitable; in the other case, they will recommend that you upgrade to the latest AEM version and the Uber jar, where the fix would have been made on the latest Eclipse Jetty Server 9.5x and above.

Jagadeesh_Prakash
Community Advisor
August 16, 2023

@jayv25585659 

The AEM Uber jar includes all AEM APIs as a single dependency in your Maven project’s pom.xml. It is always a best practice to include the Uber Jar as a single dependency instead of including individual AEM API dependencies. When upgrading the code base, change the version of the Uber Jar to point to the target version of AEM. If your project was developed on a version of AEM before the existence of the Uber Jar, remove all individual AEM API dependencies. Replace them with a single inclusion of the Uber Jar for the target version of AEM. Recompile the code base against the new version of the Uber Jar. Update any deprecated APIs or methods so they are compatible with the target version of AEM.
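
As an added example (not part of the original post and not Adobe tooling), the following Python script checks a pom.xml against the upgrade steps described above: it reports the Uber Jar version, compares it with the target AEM version, and lists individual AEM API dependencies still declared beside it. The sample POM is constructed, and the group-ID prefixes treated as individual AEM APIs are an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Assumption: group-ID prefixes used by individual AEM API artifacts.
INDIVIDUAL_AEM_GROUPS = ("com.adobe.granite", "com.day.cq", "com.adobe.cq")

# Constructed sample: Uber Jar pinned to 6.4.0 plus one leftover API dependency.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><aem.version>6.4.0</aem.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.adobe.aem</groupId><artifactId>uber-jar</artifactId>
      <version>${aem.version}</version>
      <classifier>apis</classifier><scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>com.day.cq.wcm</groupId><artifactId>cq-wcm-api</artifactId>
      <version>5.9.0</version><scope>provided</scope>
    </dependency>
  </dependencies>
</project>"""

def resolve(value, props):
    """Expand a single ${property} reference using the POM's <properties>."""
    if value.startswith("${") and value.endswith("}"):
        return props.get(value[2:-1], value)
    return value

def audit_pom(pom_xml, target_aem_version):
    """Return the Uber Jar version, whether it matches the target AEM
    version, and any individual AEM API dependencies still declared."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    report = {"uber_jar_version": None, "matches_target": False,
              "individual_api_deps": []}
    for dep in root.iterfind(".//m:dependency", NS):
        group = dep.findtext("m:groupId", "", NS).strip()
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        version = resolve(dep.findtext("m:version", "", NS).strip(), props)
        if (group, artifact) == ("com.adobe.aem", "uber-jar"):
            report["uber_jar_version"] = version
            report["matches_target"] = version == target_aem_version
        elif group.startswith(INDIVIDUAL_AEM_GROUPS):
            report["individual_api_deps"].append(f"{group}:{artifact}:{version}")
    return report

if __name__ == "__main__":
    # The thread's situation: AEM 6.4.2 running, Uber Jar still on 6.4.0.
    print(audit_pom(SAMPLE_POM, "6.4.2"))
```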

arunpatidar
Community Advisor
August 16, 2023
Arun Patidar