Hello,
I’m going to install OpenFire on a linux server and I ask me a question about Java.
OpenFire works on a virtual machine java but there are a lot of updates because specialists find security vulnerabilities.
Are there risks for the openfire server ?
Are there troubles for the openfire server to update Java ?
When an update of java is available, the openfire server have to be stop ?
Thank you.
Best regards.
Kenny.
Java vulnerabilities are mostly affecting users browsing the web (and using java applets), so no real problem for Openfire. Though Openfire’s Admin Console is using Java jsp pages and it potentially can be vulnerable, but you can limit the access to Admin Console with a firewall.
I’m updating Java quite often and Openfire is working fine. You don’t have to stop Openfire for Java update. At least i’m not stopping it on my Arch linux box. Maybe it is not using the new updated java until you restart the server, not sure now.
Hello Wroot,
Thanks again for your answer. You are responding all my questions on this forum
Ok, my server is behind a Pfsense firewall and in a DMZ, so I may have no risks for the access.
I’m going to pass tests for the Java update. I’m going to install a previous version of Java, install the Openfire server and update Java. I’ll see what’s happen.
When I have answers, I’ll come back post them here !
Have a nice weekend.
Kenny.
Check what java version is showing on the home page of the Admin Console before and after you do an update to Java. It is showig what java version is in use, i think.
Hello,
So, I have finished my updates on my Windows server tests.
I was on the 1.6 Java version on the Openfire’s admin page and I update to 1.7 version. The installation was done without stoping the OpenFire server but a restart have to be necessary to apply the new configuration.
Now, I’m on the 1.7 Java version on the admin page.
I think the process is the same on a linux server. I’ll try to be sur.
Thanks again wroot.
Kenny.
When you update Java you need to restart Openfire for it to use the new JRE.
Can’t say enough good things about Java 1.7 for Openfire. We’re on 2.8.2 and OpenJDK 1.7.0_45 for Red Hat Enteprise Linux 6.4. My middleware SME suggested I also use G1GC, which made a tremendous difference in memory utilization. My INSTALL4J_ADD_VM_PARAMS in $OPENFIRE_HOME/bin/openfire:
INSTALL4J_ADD_VM_PARAMS="-server -Xms256m -Xmx2048m -XX:+UseG1GC -Dcom.sun.management.jmxremote"