Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

on-prem AEM: which uber-jar should I be using? (or where to find release notes for uber-jars)

Avatar

Level 9
Level 9
8/15/23 8:42:21 PM

So our IT security has done a scan and found out the 6.4.0 uber-jar we're using has some vulternability.

 

I need to find out which uber-jar version has a fix for this vulnerability.

 

PS. we're currently on 6.4.2 and our uber-jar is on 6.4.0

 

Thank you.

EDIT: this is vulnerability: "CVE-2017-7658" eclipse jetty server

Views

1.2K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/15/23 9:32:41 PM

Hello @jayv25585659 

 

There are couple of options:

  1. Go through release notes manually https://github.com/AdobeDocs/experience-manager-64.en/blob/main/help/release-notes/release-notes.md
  2. Raise an Adobe ticket

 

6.4 is very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.

 

 

Aanchal Sikka

View solution in original post

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
8/15/23 9:32:41 PM

Hello @jayv25585659 

 

There are couple of options:

  1. Go through release notes manually https://github.com/AdobeDocs/experience-manager-64.en/blob/main/help/release-notes/release-notes.md
  2. Raise an Adobe ticket

 

6.4 is very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.

 

 

Aanchal Sikka

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
8/15/23 10:58:31 PM

Hi @jayv25585659 ,

We had a similar kind of vulnerability on the log4j reference through uber jar. We went and raised an adobe ticket and in our case the CSE was able to respond with resolution as not exploitable or the other case will be they will recommend you to upgrade to the latest AEM version and the Uber jar where the fix would have made on the latest Eclipse Jetty Server 9.5x and above.

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
8/16/23 1:38:54 AM

@jayv25585659 

The AEM Uber jar includes all AEM APIs as a single dependency in your Maven project’s pom.xml. It is always a best practice to include the Uber Jar as a single dependency instead of including individual AEM API dependencies. When upgrading the code base, change the version of the Uber Jar to point to the target version of AEM. If your project was developed on a version of AEM before the existence of the Uber Jar, remove all individual AEM API dependencies. Replace them with a single inclusion of the Uber Jar for the target version of AEM. Recompile the code base against the new version of the Uber Jar. Update any deprecated APIs or methods so they are compatible with the target version of AEM.

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM dispatcher not serving page from publisher

Views

8

Likes

0

Replies

0
Universal Editor - Use case Query

Views

48

Likes

0

Replies

1
Replication Event Listener stopped working on AEMaaCS Publisher

Views

118

Likes

0

Replies

5
Create Content Fragment with more than one variations from Excel File

Views

85

Likes

0

Replies

0
RTE full options not appearing in minimized view AEM 6.5 cloud

Views

140

Likes

0

Replies

4