So, our Jama server running CentOS 7 was just flagged for a security issue due to an older version of nginx. According to CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, we need to have nginx > 1.16.1 and < 1.17.3. Our version of nginx is 1.14.0.
The problem is that Jama comes pre-bundled with nginx 1.14.0. I tried to update in docker, but the container that houses nginx does not contain yum or rpm. I reinstalled Jama 8.36.1 using replicated replicated_ui and replicated_operator of 2.32.2, but I was still left with nginx 1.14.0.
Is there a way to get an updated version of nginx in our Jama 8.36.1 installation? I have a one-month waiver before the system loses network connectivity due to this security issue.
------------------------------
Ted Ying
NASA GSFC
Greenbelt MD
ted.ying@nasa.gov
------------------------------