Release Notes and Announcements

  • 1.  Jama 8.36.1 and nginx

    Posted 09-13-2019 12:14

    So, our Jama server running CentOS 7 was just flagged for a security issue due to an older version of nginx.  According to CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, we need to have nginx > 1.16.1 and < 1.17.3.  Our version of nginx is 1.14.0.

    The problem is that Jama comes pre-bundled with nginx 1.14.0.  I tried to update in docker, but the container that houses nginx does not contain yum or rpm.  I reinstalled Jama 8.36.1 using replicated replicated_ui and replicated_operator of 2.32.2, but I was still left with nginx 1.14.0.

    Is there a way to get an updated version of nginx in our Jama 8.36.1 installation?  I have a one month waiver before the system loses network connectivity due to this security issue.

    Ted Ying
    Greenbelt MD

  • 2.  RE: Jama 8.36.1 and nginx

    Posted 09-13-2019 15:18
    @Ted Ying:

    Sounds like something we need to check in the backend, please make a ticket with our Support team.

    Thank you,

    Chloe Elliott
    Jama Software
    Portland OR

  • 3.  RE: Jama 8.36.1 and nginx

    Posted 09-16-2019 02:04
    Thank you for bringing this to our attention.
    @Chloe Elliott, please keep us updated about the actions Jama is going to take, as we are affected as well.

    Thank you,

    Anna Henke
    MeVis BreastCare GmbH & Co. KG

  • 4.  RE: Jama 8.36.1 and nginx

    Posted 09-26-2019 03:00
    Hi @Anna Henke,

    Looks like 8.42 is shipped with NGINX_VERSION: 1.16.1-1.el7.ngx


    Janis V